From Red Hat Security Advisory 2011:1220:
Updated samba3x packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Samba is a suite of programs used by machines to share files, printers, and other information.
A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694)
It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)
It was found that the fix for CVE-2010-0547, provided by the Samba rebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS (Common Internet File System) share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)
It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)
Note: mount.cifs from the samba3x packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.
Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.
Users of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.
Plugin details

Title: Oracle Linux 5 : samba3x (ELSA-2011-1220)
Nessus plugin ID: 68336 (ORACLELINUX_ELSA-2011-1220.NASL)
Plugin page: https://www.tenable.com/plugins/nessus/68336
Family: Oracle Linux Local Security Checks
Plugin type: local (checks rpm output for the updated packages)
Synopsis: The remote Oracle Linux host is missing one or more security updates.
Solution: Update the affected samba3x packages.
Severity: Medium
CVSS v2 base score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
VPR: 6.7 (Medium)
CWE: 20
Exploit available: false
Vulnerability publication date: 2010-02-04
Patch publication date: 2011-08-30
Plugin publication date: 2013-07-12
Plugin modification date: 2021-01-14

Fixed package versions checked by the plugin (release EL5):
samba3x-3.5.4-0.83.el5_7.2
samba3x-client-3.5.4-0.83.el5_7.2
samba3x-common-3.5.4-0.83.el5_7.2
samba3x-doc-3.5.4-0.83.el5_7.2
samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2
samba3x-swat-3.5.4-0.83.el5_7.2
samba3x-winbind-3.5.4-0.83.el5_7.2
samba3x-winbind-devel-3.5.4-0.83.el5_7.2

CPE:
p-cpe:/a:oracle:linux:samba3x
p-cpe:/a:oracle:linux:samba3x-client
p-cpe:/a:oracle:linux:samba3x-common
p-cpe:/a:oracle:linux:samba3x-doc
p-cpe:/a:oracle:linux:samba3x-domainjoin-gui
p-cpe:/a:oracle:linux:samba3x-swat
p-cpe:/a:oracle:linux:samba3x-winbind
p-cpe:/a:oracle:linux:samba3x-winbind-devel
cpe:/o:oracle:linux:5

References:
https://oss.oracle.com/pipermail/el-errata/2011-August/002318.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2724
reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:27:48", "description": "Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Scientific Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Scientific Linux does not have the setuid bit set. 
We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bug :\n\n - If plain text passwords were used ('encrypt passwords = no' in '/etc/samba/smb.conf'), Samba clients running the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing the Microsoft Security Bulletin MS11-043.\n This update corrects this issue, allowing such clients to use plain text passwords to access Samba shares.\n\nUsers of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted automatically.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba and cifs-utils on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA_AND_CIFS_UTILS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61122);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n\n script_name(english:\"Scientific Linux Security Update : samba and cifs-utils on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Scientific Linux 6,\nwas incomplete. The mount.cifs tool did not properly handle share or\ndirectory names containing a newline character, allowing a local\nattacker to corrupt the mtab (mounted file systems table) file via a\nspecially crafted CIFS share mount request, if mount.cifs had the\nsetuid bit set. 
(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bug :\n\n - If plain text passwords were used ('encrypt passwords =\n no' in '/etc/samba/smb.conf'), Samba clients running the\n Windows XP or Windows Server 2003 operating system may\n not have been able to access Samba shares after\n installing the Microsoft Security Bulletin MS11-043.\n This update corrects this issue, allowing such clients\n to use plain text passwords to access Samba shares.\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3436\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0c71f5d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"cifs-utils-debuginfo-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"samba-winbind-clients-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:27:54", "description": "Samba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547 was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS (Common Internet File System) share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. 
(CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Scientific Linux does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61121);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547 was incomplete. The\nmount.cifs tool did not properly handle share or directory names\ncontaining a newline character, allowing a local attacker to corrupt\nthe mtab (mounted file systems table) file via a specially crafted\nCIFS (Common Internet File System) share mount request, if mount.cifs\nhad the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3703\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa1c9467\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:17", "description": "Updated samba3x packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. 
If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba rebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS (Common Internet File System) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "CentOS 5 : samba3x (CESA-2011:1220)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba3x", "p-cpe:/a:centos:centos:samba3x-client", "p-cpe:/a:centos:centos:samba3x-common", "p-cpe:/a:centos:centos:samba3x-doc", "p-cpe:/a:centos:centos:samba3x-domainjoin-gui", "p-cpe:/a:centos:centos:samba3x-swat", "p-cpe:/a:centos:centos:samba3x-winbind", "p-cpe:/a:centos:centos:samba3x-winbind-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1220.NASL", "href": "https://www.tenable.com/plugins/nessus/56272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1220 and \n# CentOS Errata and Security Advisory 2011:1220 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56272);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n script_xref(name:\"RHSA\", value:\"2011:1220\");\n\n script_name(english:\"CentOS 5 : 
samba3x (CESA-2011:1220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. 
The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017970.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8ce0973\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36d07a6a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d51ee4c3\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000141.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?688950e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x 
/ samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:04", "description": "From Red Hat Security Advisory 2011:1221 :\n\nUpdated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Red Hat Enterprise Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request, if mount.cifs had the setuid bit set. 
(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in '/etc/samba/smb.conf'), Samba clients running the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing the Microsoft Security Bulletin MS11-043. This update corrects this issue, allowing such clients to use plain text passwords to access Samba shares. 
(BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted automatically.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : cifs-utils / samba (ELSA-2011-1221)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724", "CVE-2011-3585"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:cifs-utils", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-doc", "p-cpe:/a:oracle:linux:samba-domainjoin-gui", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-devel", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "cpe:/o:oracle:linux:6"], "id": 
"ORACLELINUX_ELSA-2011-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/68337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1221 and \n# Oracle Linux Security Advisory ELSA-2011-1221 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68337);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2011-3585\");\n script_xref(name:\"RHSA\", value:\"2011:1221\");\n\n script_name(english:\"Oracle Linux 6 : cifs-utils / samba (ELSA-2011-1221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1221 :\n\nUpdated samba and cifs-utils packages that fix multiple security\nissues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). 
If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Red Hat Enterprise\nLinux 6, was incomplete. The mount.cifs tool did not properly handle\nshare or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file\nvia a specially crafted CIFS share mount request, if mount.cifs had\nthe setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat\ndoes not have the setuid bit set. We recommend that administrators do\nnot manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. 
as the original reporter of\nCVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in\n'/etc/samba/smb.conf'), Samba clients running the Windows XP or\nWindows Server 2003 operating system may not have been able to access\nSamba shares after installing the Microsoft Security Bulletin\nMS11-043. This update corrects this issue, allowing such clients to\nuse plain text passwords to access Samba shares. (BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002315.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils and / or samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-common-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-clients-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils / libsmbclient / libsmbclient-devel / samba / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-01-11T14:34:47", "description": "Updated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Red Hat Enterprise Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. 
If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in '/etc/samba/smb.conf'), Samba clients running the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing the Microsoft Security Bulletin MS11-043. This update corrects this issue, allowing such clients to use plain text passwords to access Samba shares. 
(BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted automatically.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-08-30T00:00:00", "type": "nessus", "title": "RHEL 6 : samba and cifs-utils (RHSA-2011:1221)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724", "CVE-2011-3585"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cifs-utils", "p-cpe:/a:redhat:enterprise_linux:cifs-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-doc", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba-swat", 
"p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/56001", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1221. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56001);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2011-3585\");\n script_xref(name:\"RHSA\", value:\"2011:1221\");\n\n script_name(english:\"RHEL 6 : samba and cifs-utils (RHSA-2011:1221)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba and cifs-utils packages that fix multiple security\nissues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. 
The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Red Hat Enterprise\nLinux 6, was incomplete. The mount.cifs tool did not properly handle\nshare or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file\nvia a specially crafted CIFS share mount request, if mount.cifs had\nthe setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat\ndoes not have the setuid bit set. We recommend that administrators do\nnot manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. 
Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in\n'/etc/samba/smb.conf'), Samba clients running the Windows XP or\nWindows Server 2003 operating system may not have been able to access\nSamba shares after installing the Microsoft Security Bulletin\nMS11-043. This update corrects this issue, allowing such clients to\nuse plain text passwords to access Samba shares. (BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:cifs-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1221\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) 
flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"cifs-utils-debuginfo-4.8.1-2.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"cifs-utils-debuginfo-4.8.1-2.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"cifs-utils-debuginfo-4.8.1-2.el6_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils / cifs-utils-debuginfo / libsmbclient / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:42", "description": "Samba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool 
(SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS (Common Internet File System) shares. If mount.cifs had the setuid bit set, a local attacker could conduct a symbolic link attack to trick mount.cifs into mounting a share over an arbitrary directory they were otherwise not allowed to mount to, possibly allowing them to escalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or directory names containing a newline character. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61123);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) 
flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3574\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28eeef62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:24", "description": "From Red Hat Security Advisory 2011:1219 :\n\nUpdated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS (Common Internet File System) shares. If mount.cifs had the setuid bit set, a local attacker could conduct a symbolic link attack to trick mount.cifs into mounting a share over an arbitrary directory they were otherwise not allowed to mount to, possibly allowing them to escalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or directory names containing a newline character. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787; and Dan Rosenberg for reporting CVE-2011-1678. 
Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 : samba (ELSA-2011-1219)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-3585"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-swat", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5"], "id": 
"ORACLELINUX_ELSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/68335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1219 and \n# Oracle Linux Security Advisory ELSA-2011-1219 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68335);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"Oracle Linux 4 / 5 : samba (ELSA-2011-1219)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1219 :\n\nUpdated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). 
If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. 
Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002317.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:28", "description": "Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS (Common Internet File System) shares. If mount.cifs had the setuid bit set, a local attacker could conduct a symbolic link attack to trick mount.cifs into mounting a share over an arbitrary directory they were otherwise not allowed to mount to, possibly allowing them to escalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or directory names containing a newline character. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. 
(CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787; and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-08-30T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : samba (CESA-2011:1219)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", 
"CVE-2011-2522", "CVE-2011-2694", "CVE-2011-3585"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-swat", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/55997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1219 and \n# CentOS Errata and Security Advisory 2011:1219 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55997);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"CentOS 4 / 5 : samba (CESA-2011:1219)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. 
(CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6da8e78\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017709.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d50dd8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017966.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe52cf92\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017967.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74ab0647\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29bfd921\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000137.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?7b1868b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif 
(rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:47", "description": "Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS (Common Internet File System) shares. If mount.cifs had the setuid bit set, a local attacker could conduct a symbolic link attack to trick mount.cifs into mounting a share over an arbitrary directory they were otherwise not allowed to mount to, possibly allowing them to escalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or directory names containing a newline character. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab (mounted file systems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. 
(CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787; and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-08-30T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : samba (RHSA-2011:1219)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", 
"CVE-2011-2522", "CVE-2011-2694", "CVE-2011-3585"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/55999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1219. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55999);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"RHEL 4 / 5 : samba (RHSA-2011:1219)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. 
(CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1219\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1219\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:05", "description": "Multiple vulnerabilities has been discovered and corrected in samba/cifs-utils :\n\nsmbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs 
to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1678).\n\nThe check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724).\n\nAdditionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2011:148)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-1089", "CVE-2011-1678", "CVE-2011-2724"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:cifs-utils", "p-cpe:/a:mandriva:linux:lib64netapi-devel", "p-cpe:/a:mandriva:linux:lib64netapi0", "p-cpe:/a:mandriva:linux:lib64smbclient0", 
"p-cpe:/a:mandriva:linux:lib64smbclient0-devel", "p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes0", "p-cpe:/a:mandriva:linux:lib64talloc-devel", "p-cpe:/a:mandriva:linux:lib64talloc1", "p-cpe:/a:mandriva:linux:lib64tdb-devel", "p-cpe:/a:mandriva:linux:lib64tdb1", "p-cpe:/a:mandriva:linux:lib64wbclient-devel", "p-cpe:/a:mandriva:linux:lib64wbclient0", "p-cpe:/a:mandriva:linux:libnetapi-devel", "p-cpe:/a:mandriva:linux:libnetapi0", "p-cpe:/a:mandriva:linux:libsmbclient0", "p-cpe:/a:mandriva:linux:libsmbclient0-devel", "p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes0", "p-cpe:/a:mandriva:linux:libtalloc-devel", "p-cpe:/a:mandriva:linux:libtalloc1", "p-cpe:/a:mandriva:linux:libtdb-devel", "p-cpe:/a:mandriva:linux:libtdb1", "p-cpe:/a:mandriva:linux:libwbclient-devel", "p-cpe:/a:mandriva:linux:libwbclient0", "p-cpe:/a:mandriva:linux:mount-cifs", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:samba-client", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-doc", "p-cpe:/a:mandriva:linux:samba-domainjoin-gui", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:samba-winbind", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2011-148.NASL", "href": "https://www.tenable.com/plugins/nessus/56462", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:148. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56462);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2724\");\n script_bugtraq_id(38326, 49939);\n script_xref(name:\"MDVSA\", value:\"2011:148\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2011:148)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\nsamba/cifs-utils :\n\nsmbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to\nappend to the /etc/mtab file and (2) umount.cifs to append to the\n/etc/mtab.tmp file without first checking whether resource limits\nwould interfere, which allows local users to trigger corruption of the\n/etc/mtab file via a process with a small RLIMIT_FSIZE value, a\nrelated issue to CVE-2011-1089 (CVE-2011-1678).\n\nThe check_mtab function in client/mount.cifs.c in mount.cifs in smbfs\nin Samba 3.5.10 and earlier does not properly verify that the (1)\ndevice name and (2) mountpoint strings are composed of valid\ncharacters, which allows local users to cause a denial of service\n(mtab corruption) via a crafted string. NOTE: this vulnerability\nexists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724).\n\nAdditionally for Mandriva Linux 2010.2 the cifs-utils package has been\nupgraded to the 4.8.1 version that brings numerous additional fixes.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc1-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb1-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", 
reference:\"libsmbsharemodes0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc1-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb1-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient-devel-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient0-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mount-cifs-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nss_wins-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-client-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-common-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-doc-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-server-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-swat-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-winbind-3.3.12-0.7mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"cifs-utils-4.8.1-0.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", 
reference:\"lib64netapi0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient-devel-3.5.3-3.4mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient0-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mount-cifs-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nss_wins-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-client-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-common-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-doc-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-domainjoin-gui-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-server-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-swat-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-winbind-3.5.3-3.4mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"cifs-utils-4.9-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64netapi0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.5.10-1.1-mdv2011.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnetapi-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnetapi0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libwbclient-devel-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libwbclient0-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mount-cifs-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nss_wins-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-client-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-common-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2011\", reference:\"samba-doc-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-domainjoin-gui-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-server-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-swat-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-winbind-3.5.10-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:37:22", "description": "Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. (CVE-2011-1678)\n\nJan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. (CVE-2011-2724).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 / 11.04 : cifs-utils vulnerabilities (USN-1226-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1678", "CVE-2011-2724"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:smbfs", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1226-2.NASL", "href": "https://www.tenable.com/plugins/nessus/56390", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1226-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56390);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2724\");\n script_xref(name:\"USN\", value:\"1226-2\");\n\n script_name(english:\"Ubuntu 10.10 / 11.04 : cifs-utils vulnerabilities (USN-1226-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that cifs-utils incorrectly handled changes\nto the mtab file. A local attacker could use this issue to corrupt the\nmtab file, possibly leading to a denial of service. (CVE-2011-1678)\n\nJan Lieskovsky discovered that cifs-utils incorrectly filtered certain\nstrings being added to the mtab file. A local attacker could use this\nissue to corrupt the mtab file, possibly leading to a denial of\nservice. (CVE-2011-2724).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1226-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected smbfs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"smbfs\", pkgver:\"2:4.5-2ubuntu0.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"smbfs\", pkgver:\"2:4.5-2ubuntu0.11.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smbfs\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:34:45", "description": "This is an update that fixes a problem with handling embedded newlines in share names or mountpoints.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "Fedora 16 : cifs-utils-5.0-2.fc16 (2011-10028)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-2724"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cifs-utils", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-10028.NASL", "href": "https://www.tenable.com/plugins/nessus/55944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10028.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55944);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-2724\");\n script_bugtraq_id(38326);\n script_xref(name:\"FEDORA\", value:\"2011-10028\");\n\n script_name(english:\"Fedora 16 : cifs-utils-5.0-2.fc16 (2011-10028)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes a problem with handling embedded newlines\nin share names or 
mountpoints.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726691\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064316.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36cb1e6a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"cifs-utils-5.0-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:34:52", "description": "This is an update that fixes a problem with handling embedded newlines in share names or mountpoints.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "nessus", "title": "Fedora 14 : cifs-utils-4.8.1-7.fc14 (2011-9847)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-2724"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cifs-utils", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9847.NASL", "href": "https://www.tenable.com/plugins/nessus/55780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9847.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55780);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-2724\");\n script_bugtraq_id(38326);\n script_xref(name:\"FEDORA\", value:\"2011-9847\");\n\n script_name(english:\"Fedora 14 : cifs-utils-4.8.1-7.fc14 (2011-9847)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes a problem with handling embedded newlines\nin share names or 
mountpoints.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726717\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063497.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebd5831b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"cifs-utils-4.8.1-7.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:34:47", "description": "This is an update that fixes a problem with handling embedded newlines in share names or mountpoints.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "nessus", "title": "Fedora 15 : cifs-utils-5.0-2.fc15 (2011-9831)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2011-2724"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cifs-utils", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9831.NASL", "href": "https://www.tenable.com/plugins/nessus/55778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9831.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55778);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-2724\");\n script_bugtraq_id(38326);\n script_xref(name:\"FEDORA\", value:\"2011-9831\");\n\n script_name(english:\"Fedora 15 : cifs-utils-5.0-2.fc15 (2011-9831)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes a problem with handling embedded newlines\nin share names or 
mountpoints.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726691\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0813ce86\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"cifs-utils-5.0-2.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:35:09", "description": "A cross-site request forgery (CSRF) and a cross-site scripting vulnerability have been fixed in samba's SWAT.\n\n - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N).\n (CVE-2011-2522)\n\n - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N).\n (CVE-2011-2694)", "cvss3": {}, "published": "2011-09-01T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Samba (YOU Patch Number 12812)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12812.NASL", "href": "https://www.tenable.com/plugins/nessus/56033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56033);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"SuSE9 Security Update : Samba (YOU Patch Number 12812)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site request forgery (CSRF) and a cross-site scripting\nvulnerability have been fixed in samba's SWAT.\n\n - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N).\n (CVE-2011-2522)\n\n - CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N).\n (CVE-2011-2694)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2694.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12812.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-devel-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-client-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-doc-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-pdb-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-python-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-vscan-0.3.6b-0.47\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-winbind-3.0.26a-0.19\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", 
reference:\"libsmbclient-32bit-9-201107292007\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-32bit-9-201107292007\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-client-32bit-9-201107292007\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-9-201107292007\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:10", "description": "Windows security patch KB2536276 prevents access to samba shares Security update to 3.5.10, fixes CVE-2011-2522 and CVE-2011-2694\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-17T00:00:00", "type": "nessus", "title": "Fedora 14 : samba-3.5.11-79.fc14 (2011-10367)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-10367.NASL", "href": "https://www.tenable.com/plugins/nessus/55868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10367.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55868);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"FEDORA\", value:\"2011-10367\");\n\n script_name(english:\"Fedora 14 : samba-3.5.11-79.fc14 (2011-10367)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Windows security patch KB2536276 prevents access to samba shares\nSecurity update to 3.5.10, fixes CVE-2011-2522 and CVE-2011-2694\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725890\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa02e799\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"samba-3.5.11-79.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:49", "description": "New samba packages are available for Slackware 13.1, 13.37, and\n-current to fix security issues.", "cvss3": {}, "published": "2011-08-01T00:00:00", "type": "nessus", "title": "Slackware 13.1 / 13.37 / current : samba (SSA:2011-210-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:samba", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37"], "id": "SLACKWARE_SSA_2011-210-03.NASL", "href": "https://www.tenable.com/plugins/nessus/55737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-210-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55737);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"SSA\", value:\"2011-210-03\");\n\n script_name(english:\"Slackware 13.1 / 13.37 / current : samba (SSA:2011-210-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New samba packages are available for Slackware 13.1, 13.37, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.399403\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?eda3577d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.1\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"samba\", pkgver:\"3.5.10\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:27", "description": "Yoshihiro Ishikawa discovered that the Samba Web 
Administration Tool (SWAT) was vulnerable to cross-site request forgeries (CSRF). If a Samba administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the Samba configuration. (CVE-2011-2522)\n\nNobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did not properly sanitize its input when processing password change requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2011-2694).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : samba vulnerabilities (USN-1182-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:swat", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1182-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/55758", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1182-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55758);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"USN\", value:\"1182-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : samba vulnerabilities (USN-1182-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yoshihiro Ishikawa discovered that the Samba Web Administration Tool\n(SWAT) was vulnerable to cross-site request forgeries (CSRF). If a\nSamba administrator were tricked into clicking a link on a specially\ncrafted web page, an attacker could trigger commands that could modify\nthe Samba configuration. (CVE-2011-2522)\n\nNobuhiro Tsuji discovered that the Samba Web Administration Tool\n(SWAT) did not properly sanitize its input when processing password\nchange requests, resulting in cross-site scripting (XSS)\nvulnerabilities. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server\nrequest, a remote attacker could exploit this to modify the contents,\nor steal confidential data, within the same domain. (CVE-2011-2694).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1182-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected swat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"swat\", pkgver:\"3.0.28a-1ubuntu4.15\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"swat\", pkgver:\"2:3.4.7~dfsg-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"swat\", pkgver:\"2:3.5.4~dfsg-1ubuntu8.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"swat\", pkgver:\"2:3.5.8~dfsg-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"swat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:22", "description": "The Samba Web Administration Tool (SWAT) contains several cross-site request forgery (CSRF) vulnerabilities (CVE-2011-2522 ) and a cross-site scripting vulnerability (CVE-2011-2694 ).", 
"cvss3": {}, "published": "2011-08-08T00:00:00", "type": "nessus", "title": "Debian DSA-2290-1 : samba - XSS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:samba", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2290.NASL", "href": "https://www.tenable.com/plugins/nessus/55770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2290. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55770);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"DSA\", value:\"2290\");\n\n script_name(english:\"Debian DSA-2290-1 : samba - XSS\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Samba Web Administration Tool (SWAT) contains several cross-site\nrequest forgery (CSRF) vulnerabilities (CVE-2011-2522 ) and a\ncross-site scripting vulnerability (CVE-2011-2694 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2290\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 2:3.2.5-4lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2:3.5.6~dfsg-3squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"samba\", reference:\"2:3.2.5-4lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpam-smbpass\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient-dev\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwbclient0\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-common\", 
reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-common-bin\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-dbg\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc-pdf\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-tools\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"smbclient\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"swat\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"winbind\", reference:\"2:3.5.6~dfsg-3squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:59", "description": "Samba security advisory reports :\n\nAll current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT.\n\nAll current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). 
On the 'Change Password' field, it is possible to insert arbitrary content into the 'user' field.", "cvss3": {}, "published": "2011-08-17T00:00:00", "type": "nessus", "title": "FreeBSD : Samba -- XSS and request forgery vulnerabilities (56f4b3a6-c82c-11e0-a498-00215c6a37bb)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba34", "p-cpe:/a:freebsd:freebsd:samba35", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_56F4B3A6C82C11E0A49800215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/55877", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55877);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n\n script_name(english:\"FreeBSD : Samba -- XSS and request forgery vulnerabilities (56f4b3a6-c82c-11e0-a498-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba security advisory reports :\n\nAll current released versions of Samba are vulnerable to a cross-site\nrequest forgery in the Samba Web 
Administration Tool (SWAT). By\ntricking a user who is authenticated with SWAT into clicking a\nmanipulated URL on a different web page, it is possible to manipulate\nSWAT.\n\nAll current released versions of Samba are vulnerable to a cross-site\nscripting issue in the Samba Web Administration Tool (SWAT). On the\n'Change Password' field, it is possible to insert arbitrary content\ninto the 'user' field.\"\n );\n # https://vuxml.freebsd.org/freebsd/56f4b3a6-c82c-11e0-a498-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a162f9d1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba35\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba34>3.4.*<3.4.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba35>3.5.*<3.5.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:14", "description": "Windows security patch KB2536276 prevents access to samba shares Security update to 3.5.10, fixes CVE-2011-2522 and CVE-2011-2694\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-08-17T00:00:00", "type": "nessus", "title": "Fedora 15 : samba-3.5.11-71.fc15.1 (2011-10341)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-10341.NASL", "href": "https://www.tenable.com/plugins/nessus/55867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10341.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55867);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"FEDORA\", value:\"2011-10341\");\n\n script_name(english:\"Fedora 15 : samba-3.5.11-71.fc15.1 (2011-10341)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Windows security patch KB2536276 prevents access to samba shares\nSecurity 
update to 3.5.10, fixes CVE-2011-2522 and CVE-2011-2694\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=713648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725890\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063797.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a97ce7e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"samba-3.5.11-71.fc15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:07", "description": "Multiple vulnerabilities has been discovered and corrected in samba :\n\nAll current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). 
By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT (CVE-2011-2522).\n\nAll current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the Change Password field, it is possible to insert arbitrary content into the user field (CVE-2011-2694).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-07-28T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2011:121)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64netapi-devel", "p-cpe:/a:mandriva:linux:lib64netapi0", "p-cpe:/a:mandriva:linux:lib64smbclient0", "p-cpe:/a:mandriva:linux:lib64smbclient0-devel", "p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes0", "p-cpe:/a:mandriva:linux:lib64talloc-devel", "p-cpe:/a:mandriva:linux:lib64talloc1", "p-cpe:/a:mandriva:linux:lib64tdb-devel", "p-cpe:/a:mandriva:linux:lib64tdb1", "p-cpe:/a:mandriva:linux:lib64wbclient-devel", "p-cpe:/a:mandriva:linux:lib64wbclient0", 
"p-cpe:/a:mandriva:linux:libnetapi-devel", "p-cpe:/a:mandriva:linux:libnetapi0", "p-cpe:/a:mandriva:linux:libsmbclient0", "p-cpe:/a:mandriva:linux:libsmbclient0-devel", "p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes0", "p-cpe:/a:mandriva:linux:libtalloc-devel", "p-cpe:/a:mandriva:linux:libtalloc1", "p-cpe:/a:mandriva:linux:libtdb-devel", "p-cpe:/a:mandriva:linux:libtdb1", "p-cpe:/a:mandriva:linux:libwbclient-devel", "p-cpe:/a:mandriva:linux:libwbclient0", "p-cpe:/a:mandriva:linux:mount-cifs", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:samba-client", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-doc", "p-cpe:/a:mandriva:linux:samba-domainjoin-gui", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:samba-winbind", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-121.NASL", "href": "https://www.tenable.com/plugins/nessus/55709", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:121. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55709);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_xref(name:\"MDVSA\", value:\"2011:121\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2011:121)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in samba :\n\nAll current released versions of Samba are vulnerable to a cross-site\nrequest forgery in the Samba Web Administration Tool (SWAT). By\ntricking a user who is authenticated with SWAT into clicking a\nmanipulated URL on a different web page, it is possible to manipulate\nSWAT (CVE-2011-2522).\n\nAll current released versions of Samba are vulnerable to a cross-site\nscripting issue in the Samba Web Administration Tool (SWAT). On the\nChange Password field, it is possible to insert arbitrary content into\nthe user field (CVE-2011-2694).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2011-2694\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", 
reference:\"lib64smbsharemodes-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc1-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb1-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc1-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb1-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient-devel-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient0-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mount-cifs-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nss_wins-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-client-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-common-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-doc-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-server-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-swat-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-winbind-3.3.12-0.6mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64netapi0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient-devel-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient0-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mount-cifs-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nss_wins-3.5.3-3.3mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-client-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-common-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-doc-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-domainjoin-gui-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-server-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-swat-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-winbind-3.5.3-3.3mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:15", "description": "A cross-site request forgery (CSRF) and a cross-site scripting vulnerability have been fixed in samba's SWAT.\n\n - (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). 
(CVE-2011-2522:\n CVSS v2 Base Score: 3.5)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Samba (ZYPP Patch Number 7671)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CIFS-MOUNT-7671.NASL", "href": "https://www.tenable.com/plugins/nessus/57166", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57166);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"SuSE 10 Security Update : Samba (ZYPP Patch Number 7671)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site request forgery (CSRF) and a cross-site scripting\nvulnerability have been fixed in samba's SWAT.\n\n - (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2 Base\n Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). 
(CVE-2011-2522:\n CVSS v2 Base Score: 3.5)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2694.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7671.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"cifs-mount-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ldapsmb-1.34b-25.13.16.5\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"libsmbclient-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libsmbclient-devel-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-client-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-krb-printing-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-vscan-0.3.6b-43.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-winbind-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"cifs-mount-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"ldapsmb-1.34b-25.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libmsrpc-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libmsrpc-devel-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libsmbclient-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libsmbclient-devel-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-client-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-krb-printing-3.0.36-0.13.16.5\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:4, reference:\"samba-python-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-vscan-0.3.6b-43.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-winbind-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.13.16.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.13.16.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:55", "description": "A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting vulnerability have been fixed in Samba's SWAT. 
CVE-2011-2522: CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Samba (SAT Patch Number 5000)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cifs-mount", "p-cpe:/a:novell:suse_linux:11:ldapsmb", "p-cpe:/a:novell:suse_linux:11:libsmbclient0", "p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:libtalloc1", "p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit", "p-cpe:/a:novell:suse_linux:11:libtdb1", "p-cpe:/a:novell:suse_linux:11:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:11:libwbclient0", "p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:samba", "p-cpe:/a:novell:suse_linux:11:samba-32bit", "p-cpe:/a:novell:suse_linux:11:samba-client", "p-cpe:/a:novell:suse_linux:11:samba-client-32bit", "p-cpe:/a:novell:suse_linux:11:samba-krb-printing", "p-cpe:/a:novell:suse_linux:11:samba-winbind", "p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CIFS-MOUNT-110815.NASL", "href": "https://www.tenable.com/plugins/nessus/57092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57092);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"SuSE 11.1 Security Update : Samba (SAT Patch Number 5000)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting\nvulnerability have been fixed in Samba's SWAT. CVE-2011-2522: CVSS v2\nBase Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2\nBase Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=675978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=705241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=710791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2694.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5000.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"cifs-mount-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:1, cpu:\"i586\", reference:\"libsmbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libtalloc1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libtdb1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-client-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-krb-printing-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-winbind-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"cifs-mount-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-32bit-3.4.3-1.32.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-client-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-client-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-krb-printing-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"cifs-mount-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ldapsmb-1.34b-11.27.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libsmbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libtalloc1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libtdb1-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libwbclient0-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-client-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-krb-printing-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-winbind-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libtalloc1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libtdb1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libwbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-32bit-3.4.3-1.32.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-client-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-winbind-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"samba-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"samba-client-32bit-3.4.3-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.4.3-1.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T16:38:49", "description": "According to its banner, the version of Samba is 3.5.x earlier than 3.5.10, or 3.4.x earlier than 3.4.14, or 3.3.x earlier than 3.3.16, and is therefore affected by multiple vulnerabilities :\n\n - A cross-site scripting vulnerability exists because of a failure to sanitize input to the username parameter of the 'passwd' program. 
(CVE-2011-2522)/n - A cross-site request forgery (CSRF) vulnerability exists which can allow SWAT to be manipulated when a user who is logged in as root is tricked into clicking specially crafted URLs sent by an attacker.\n\nNote that these issues are only exploitable when SWAT is enabled (SWAT is disabled by default) (CVE-2011-2694).", "cvss3": {}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*"], "id": "9343.PRM", "href": "https://www.tenable.com/plugins/nnm/9343", "sourceData": "Binary data 9343.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:24", "description": "According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is potentially affected by several vulnerabilities in the Samba Web Administration Tool (SWAT) :\n\n - A cross-site scripting vulnerability exists because of a failure to sanitize input to the username parameter of the 'passwd' program. (Issue #8289)\n\n - A cross-site request forgery (CSRF) vulnerability can allow SWAT to be manipulated when a user who is logged in as root is tricked into clicking specially crafted URLs sent by an attacker. 
(Issue #8290)\n\nNote that these issues are only exploitable when SWAT it enabled, and it is not enabled by default.\n\nAlso note that Nessus has relied only on the self-reported version number and has not actually determined whether SWAT is enabled, tried to exploit these issues, or determine if the associated patches have been applied.", "cvss3": {}, "published": "2011-07-29T00:00:00", "type": "nessus", "title": "Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_3_5_10.NASL", "href": "https://www.tenable.com/plugins/nessus/55733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55733);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48899, 48901);\n script_xref(name:\"EDB-ID\", value:\"17577\");\n script_xref(name:\"Secunia\", value:\"45393\");\n\n script_name(english:\"Samba 3.x < 3.3.16 / 3.4.14 / 3.5.10 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Samba\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote Samba server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Samba 3.x running on the\nremote host is 
earlier than 3.3.16 / 3.4.14 / 3.5.10. As such, it is\npotentially affected by several vulnerabilities in the Samba Web\nAdministration Tool (SWAT) :\n\n - A cross-site scripting vulnerability exists because of a\n failure to sanitize input to the username parameter of\n the 'passwd' program. (Issue #8289)\n\n - A cross-site request forgery (CSRF) vulnerability can\n allow SWAT to be manipulated when a user who is logged\n in as root is tricked into clicking specially crafted\n URLs sent by an attacker. (Issue #8290)\n\nNote that these issues are only exploitable when SWAT it enabled, and\nit is not enabled by default.\n\nAlso note that Nessus has relied only on the self-reported version\nnumber and has not actually determined whether SWAT is enabled, tried\nto exploit these issues, or determine if the associated patches have\nbeen applied.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either apply one of the patches referenced in the project's advisory\nor upgrade to 3.3.16 / 3.4.14 / 3.5.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.samba.org/show_bug.cgi?id=8289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.samba.org/show_bug.cgi?id=8290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2011-2522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2011-2694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-3.3.16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-3.4.14.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-3.5.10.html\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_kb_item(\"SMB/transport\");\n\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\nif (\"Samba\" >!< lanman) exit(0, \"The SMB service listening on port \"+port+\" is not running Samba.\");\nif (\"Samba 3\" >!< lanman) exit(0, \"The SMB service listening on port \"+port+\" is not running Samba 3.x.\");\n\nversion = lanman - 'Samba ';\nif (version =~ \"^3(\\.[345])?$\")\n exit(1, \"The Samba version, \"+version+\" is not granular enough to make a determination.\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 3 && ver[1] < 3) ||\n (ver[0] == 3 && ver[1] == 3 && ver[2] < 16) ||\n (ver[0] == 3 && ver[1] == 4 && ver[2] < 14) ||\n (ver[0] == 3 && ver[1] == 5 && ver[2] < 10)\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 3.3.16 / 
3.4.14 / 3.5.10\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, 'Samba version '+version+' is listening on port '+port+' and not affected.');\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:14", "description": "A cross-site request forgery (CSRF) and a cross-site scripting vulnerability have been fixed in samba's SWAT.\n\n - (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). (CVE-2011-2522:\n CVSS v2 Base Score: 3.5)", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Samba (ZYPP Patch Number 7656)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CIFS-MOUNT-7656.NASL", "href": "https://www.tenable.com/plugins/nessus/56601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56601);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"SuSE 10 Security Update : Samba (ZYPP Patch Number 7656)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site request forgery (CSRF) and a cross-site scripting\nvulnerability have been fixed in samba's SWAT.\n\n - (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE-2011-2694: CVSS v2 Base\n Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). (CVE-2011-2522:\n CVSS v2 Base Score: 3.5)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2522.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2694.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"cifs-mount-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"ldapsmb-1.34b-25.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libmsrpc-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libmsrpc-devel-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libsmbclient-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libsmbclient-devel-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-client-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-krb-printing-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-python-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-vscan-0.3.6b-43.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-winbind-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.13.16.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.13.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:31:25", "description": "A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting vulnerability have been fixed in samba's SWAT. CVE-2011-2522 and CVE-2011-2694 have been assigned.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ldapsmb (openSUSE-SU-2011:0998-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb0", "p-cpe:/a:novell:opensuse:libldb0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libtalloc2-32bit", "p-cpe:/a:novell:opensuse:libtalloc2-debuginfo", 
"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:libtevent0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LDAPSMB-110728.NASL", "href": "https://www.tenable.com/plugins/nessus/75890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ldapsmb-4939.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75890);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"openSUSE Security Update : ldapsmb (openSUSE-SU-2011:0998-1)\");\n script_summary(english:\"Check for the ldapsmb-4939 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting\nvulnerability have been fixed in samba's SWAT. CVE-2011-2522 and\nCVE-2011-2694 have been assigned.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=675978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ldapsmb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ldapsmb-1.34b-300.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb-devel-0.9.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb0-0.9.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb0-debuginfo-0.9.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi-devel-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient-devel-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes-devel-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"libsmbsharemodes0-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes0-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc-devel-2.0.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-2.0.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-debuginfo-2.0.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb-devel-1.2.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-1.2.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-debuginfo-1.2.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent-devel-0.9.8-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-0.9.8-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-debuginfo-0.9.8-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient-devel-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debugsource-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-devel-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-debuginfo-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-2.0.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-debuginfo-32bit-2.0.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-32bit-1.2.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-debuginfo-32bit-1.2.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.5.7-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-3.5.7-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:33:07", "description": "A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting vulnerability have been fixed in samba's SWAT. CVE-2011-2522 and CVE-2011-2694 have been assigned.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ldapsmb (openSUSE-SU-2011:0998-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb0", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba", 
"p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LDAPSMB-110727.NASL", "href": "https://www.tenable.com/plugins/nessus/75569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ldapsmb-4936.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75569);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"openSUSE Security Update : ldapsmb (openSUSE-SU-2011:0998-1)\");\n script_summary(english:\"Check for the ldapsmb-4936 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Cross-Site Request Forgery (CSRF) and a Cross Site Scripting\nvulnerability have been fixed in samba's SWAT. 
CVE-2011-2522 and\nCVE-2011-2694 have been assigned.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=643787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=675978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=705241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-09/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ldapsmb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libldb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"ldapsmb-1.34b-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libldb-devel-3.5.4-5.11.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.3\", reference:\"libldb0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libnetapi-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libnetapi0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsmbclient-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsmbclient0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsmbsharemodes-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsmbsharemodes0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtalloc-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtalloc2-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtdb-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtdb1-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtevent-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libtevent0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwbclient-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwbclient0-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"samba-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"samba-client-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"samba-devel-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"samba-krb-printing-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"samba-winbind-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", 
reference:\"libtdb1-32bit-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"samba-32bit-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.5.4-5.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.5.4-5.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:09", "description": "Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. (CVE-2011-1678)\n\nJan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2724)\n\nDan Rosenberg discovered that Samba incorrectly handled the mtab lock file. A local attacker could use this issue to create a stale lock file, possibly leading to a denial of service. (CVE-2011-3585).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2011-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS : samba vulnerabilities (USN-1226-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1678", "CVE-2011-2724", "CVE-2011-3585"], "modified": "2020-01-13T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:smbfs", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1226-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1226-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56389);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2724\", \"CVE-2011-3585\");\n script_xref(name:\"USN\", value:\"1226-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS : samba vulnerabilities (USN-1226-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that Samba incorrectly handled changes to the\nmtab file. A local attacker could use this issue to corrupt the mtab\nfile, possibly leading to a denial of service. (CVE-2011-1678)\n\nJan Lieskovsky discovered that Samba incorrectly filtered certain\nstrings being added to the mtab file. A local attacker could use this\nissue to corrupt the mtab file, possibly leading to a denial of\nservice. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-2724)\n\nDan Rosenberg discovered that Samba incorrectly handled the mtab lock\nfile. A local attacker could use this issue to create a stale lock\nfile, possibly leading to a denial of service. (CVE-2011-3585).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1226-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected smbfs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2020 Canonical, Inc. / NASL script (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(8\\.04|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"smbfs\", pkgver:\"3.0.28a-1ubuntu4.16\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"smbfs\", pkgver:\"2:3.4.7~dfsg-1ubuntu3.8\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"smbfs\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:33:51", "description": "This update fixes an issue where /etc/mtab could be left in a corrupt state after mounting.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-07-25T00:00:00", "type": "nessus", "title": "Fedora 14 : cifs-utils-4.8.1-6.fc14 (2011-9269)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1678"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cifs-utils", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9269.NASL", "href": "https://www.tenable.com/plugins/nessus/55658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9269.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55658);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1678\");\n script_xref(name:\"FEDORA\", value:\"2011-9269\");\n\n script_name(english:\"Fedora 14 : cifs-utils-4.8.1-6.fc14 (2011-9269)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an issue where /etc/mtab could be left in a corrupt\nstate after mounting.\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=695942\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63e4f531\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"cifs-utils-4.8.1-6.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T15:03:54", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not setuid root by default and it's not recommended to change that (CVE-2010-0547).", "cvss3": {}, "published": "2010-03-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cifs-mount (cifs-mount-2128)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cifs-mount", "p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc1", "p-cpe:/a:novell:opensuse:libtalloc1-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "cpe:/o:novell:opensuse:11.0"], "id": 
"SUSE_11_0_CIFS-MOUNT-100312.NASL", "href": "https://www.tenable.com/plugins/nessus/45339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cifs-mount-2128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45339);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"openSUSE Security Update : cifs-mount (cifs-mount-2128)\");\n script_summary(english:\"Check for the cifs-mount-2128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not\nsetuid root by default and it's not recommended to change that\n(CVE-2010-0547).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577925\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-mount packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release 
=~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cifs-mount-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"ldapsmb-1.34b-195.14\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libnetapi-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libnetapi0-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libsmbclient-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libsmbclient0-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libsmbsharemodes-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libsmbsharemodes0-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtalloc-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtalloc1-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtdb-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libtdb1-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libwbclient-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libwbclient0-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"samba-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"samba-client-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"samba-devel-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"samba-krb-printing-3.2.4-4.9\") ) flag++;\nif 
( rpm_check(release:\"SUSE11.0\", reference:\"samba-winbind-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"samba-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.2.4-4.9\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.2.4-4.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-mount / ldapsmb / libnetapi-devel / libnetapi0 / etc\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:05:37", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not setuid root by default and it's not recommended to change that.\n(CVE-2010-0547)", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Samba (ZYPP Patch Number 6920)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CIFS-MOUNT-6920.NASL", "href": "https://www.tenable.com/plugins/nessus/45471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45471);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"SuSE 10 Security Update : Samba (ZYPP Patch Number 6920)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. 
The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. mount.cifs is not\nsetuid root by default and it's not recommended to change that.\n(CVE-2010-0547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0926.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6920.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks 
for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"cifs-mount-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libsmbclient-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libsmbclient-devel-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"samba-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"samba-client-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"samba-krb-printing-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"samba-vscan-0.3.6b-42.85.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"samba-winbind-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"samba-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"cifs-mount-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libmsrpc-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libmsrpc-devel-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libsmbclient-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libsmbclient-devel-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"samba-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"samba-client-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"samba-krb-printing-3.0.32-0.18\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:2, reference:\"samba-python-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"samba-vscan-0.3.6b-42.85.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"samba-winbind-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"samba-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.32-0.18\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.32-0.18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:06:23", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not setuid root by default and it's not recommended to change that.\n(CVE-2010-0547)", "cvss3": {}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Samba (YOU Patch Number 12595)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12595.NASL", "href": "https://www.tenable.com/plugins/nessus/45453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45453);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"SuSE9 Security Update : Samba (YOU Patch Number 12595)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. 
The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. mount.cifs is not\nsetuid root by default and it's not recommended to change that.\n(CVE-2010-0547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0926.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12595.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks 
for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-devel-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-client-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-doc-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-pdb-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-python-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-vscan-0.3.6b-0.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-winbind-3.0.26a-0.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libsmbclient-32bit-9-201003120118\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-32bit-9-201003120118\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-client-32bit-9-201003120118\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-9-201003120118\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:03:34", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not setuid root by default and it's not recommended to change that (CVE-2010-0547).", "cvss3": {}, "published": "2010-03-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cifs-mount (cifs-mount-2128)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cifs-mount", "p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc1", "p-cpe:/a:novell:opensuse:libtalloc1-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "cpe:/o:novell:opensuse:11.2"], "id": 
"SUSE_11_2_CIFS-MOUNT-100315.NASL", "href": "https://www.tenable.com/plugins/nessus/45341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cifs-mount-2128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45341);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"openSUSE Security Update : cifs-mount (cifs-mount-2128)\");\n script_summary(english:\"Check for the cifs-mount-2128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not\nsetuid root by default and it's not recommended to change that\n(CVE-2010-0547).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577925\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-mount packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release 
=~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cifs-mount-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"ldapsmb-1.34b-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libnetapi-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libnetapi0-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsmbclient-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsmbclient0-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsmbsharemodes-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libsmbsharemodes0-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libtalloc-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libtalloc1-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libtdb-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libtdb1-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwbclient-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libwbclient0-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"samba-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"samba-client-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"samba-devel-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", 
reference:\"samba-krb-printing-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"samba-winbind-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"samba-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.4.3-3.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.4.3-3.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-mount / ldapsmb / libnetapi-devel / libnetapi0 / etc\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:03:39", "description": "With enabled 'wide links' Samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not setuid root by default and it's not recommended to change that.\n(CVE-2010-0547)", "cvss3": {}, "published": "2010-03-23T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Samba (SAT Patch Number 2126)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cifs-mount", "p-cpe:/a:novell:suse_linux:11:ldapsmb", "p-cpe:/a:novell:suse_linux:11:libsmbclient0", "p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:libtalloc1", "p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit", "p-cpe:/a:novell:suse_linux:11:libtdb1", "p-cpe:/a:novell:suse_linux:11:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:11:libwbclient0", "p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:samba", "p-cpe:/a:novell:suse_linux:11:samba-32bit", "p-cpe:/a:novell:suse_linux:11:samba-client", "p-cpe:/a:novell:suse_linux:11:samba-client-32bit", "p-cpe:/a:novell:suse_linux:11:samba-krb-printing", "p-cpe:/a:novell:suse_linux:11:samba-vscan", "p-cpe:/a:novell:suse_linux:11:samba-winbind", "p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CIFS-MOUNT-100312.NASL", "href": "https://www.tenable.com/plugins/nessus/45130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45130);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"SuSE 11 Security Update : Samba (SAT Patch Number 2126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' Samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not\nsetuid root by default and it's not recommended to change that.\n(CVE-2010-0547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0926.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2126.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-vscan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, 
\"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"cifs-mount-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libsmbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libtalloc1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libtdb1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libwbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"samba-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"samba-client-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"samba-krb-printing-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"samba-vscan-0.3.6b-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"samba-winbind-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cifs-mount-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libsmbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtalloc1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtdb1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libwbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", 
reference:\"libwbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-client-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-client-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-krb-printing-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-vscan-0.3.6b-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-winbind-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"cifs-mount-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"ldapsmb-1.34b-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libsmbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libtalloc1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libtdb1-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libwbclient0-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"samba-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"samba-client-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"samba-krb-printing-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"samba-winbind-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", 
reference:\"libtalloc1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libtdb1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libwbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"samba-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"samba-client-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"samba-winbind-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"samba-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"samba-client-32bit-3.2.7-11.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.2.7-11.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:04:36", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. 
The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. mount.cifs is not setuid root by default and it's not recommended to change that (CVE-2010-0547).", "cvss3": {}, "published": "2010-03-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : cifs-mount (cifs-mount-2128)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cifs-mount", "p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc1", "p-cpe:/a:novell:opensuse:libtalloc1-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", 
"p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-vscan", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_CIFS-MOUNT-100312.NASL", "href": "https://www.tenable.com/plugins/nessus/45340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cifs-mount-2128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45340);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"openSUSE Security Update : cifs-mount (cifs-mount-2128)\");\n script_summary(english:\"Check for the cifs-mount-2128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. 
mount.cifs is not\nsetuid root by default and it's not recommended to change that\n(CVE-2010-0547).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=577925\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-mount packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-vscan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"cifs-mount-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"ldapsmb-1.34b-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libnetapi-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libnetapi0-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libsmbclient-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libsmbclient0-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libsmbsharemodes-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libsmbsharemodes0-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtalloc-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtalloc1-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtdb-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libtdb1-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libwbclient-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libwbclient0-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"samba-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"samba-client-3.2.7-11.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.1\", reference:\"samba-devel-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"samba-krb-printing-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"samba-vscan-0.3.6b-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"samba-winbind-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"samba-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.2.7-11.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.2.7-11.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-mount / ldapsmb / libnetapi-devel / libnetapi0 / etc\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:24:59", "description": "The remote host is affected by the vulnerability described in GLSA-201206-29 (mount-cifs: Multiple vulnerabilites)\n\n Multiple vulnerabilities have been discovered in mount-cifs. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow local users to cause a denial of service (mtab corruption) via a crafted string. 
Also, local users could mount a CIFS share on an arbitrary mountpoint, and gain privileges via a symlink attack on the mountpoint directory file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-06-26T00:00:00", "type": "nessus", "title": "GLSA-201206-29 : mount-cifs: Multiple vulnerabilites", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mount-cifs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-29.NASL", "href": "https://www.tenable.com/plugins/nessus/59702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-29.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59702);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\");\n script_bugtraq_id(37992, 38326);\n script_xref(name:\"GLSA\", value:\"201206-29\");\n\n script_name(english:\"GLSA-201206-29 : mount-cifs: Multiple vulnerabilites\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-29\n(mount-cifs: Multiple vulnerabilites)\n\n Multiple vulnerabilities have been discovered in mount-cifs. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow local users to cause a denial of service (mtab\n corruption) via a crafted string. Also, local users could mount a CIFS\n share on an arbitrary mountpoint, and gain privileges via a symlink\n attack on the mountpoint directory file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Gentoo has discontinued support for mount-cifs. 
We recommend that users\n unmerge mount-cifs:\n # emerge --unmerge 'net-fs/mount-cifs'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/mount-cifs\", unaffected:make_list(), vulnerable:make_list(\"le 3.0.30\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mount-cifs\");\n}\n", 
"cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:08", "description": "With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files (CVE-2010-0926). This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt /etc/mtab if mount.cifs is installed setuid root. mount.cifs is not setuid root by default and it's not recommended to change that.\n(CVE-2010-0547)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Samba (ZYPP Patch Number 6921)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0926"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CIFS-MOUNT-6921.NASL", "href": "https://www.tenable.com/plugins/nessus/49834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49834);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0926\");\n\n script_name(english:\"SuSE 10 Security Update : Samba (ZYPP Patch Number 
6921)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With enabled 'wide links' samba follows symbolic links on the server\nside, therefore allowing clients to overwrite arbitrary files\n(CVE-2010-0926). This update changes the default setting to have 'wide\nlinks' disabled by default. The new default only works if 'wide links'\nis not set explicitly in smb.conf.\n\nDue to a race condition in mount.cifs a local attacker could corrupt\n/etc/mtab if mount.cifs is installed setuid root. mount.cifs is not\nsetuid root by default and it's not recommended to change that.\n(CVE-2010-0547)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0926.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6921.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_cwe_id(20, 22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"cifs-mount-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"ldapsmb-1.34b-25.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"libsmbclient-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"libsmbclient-devel-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"samba-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"samba-client-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"samba-krb-printing-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"samba-vscan-0.3.6b-43.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"samba-winbind-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"cifs-mount-3.0.36-0.9.1\")) flag++;\nif 
(rpm_check(release:\"SLES10\", sp:3, reference:\"ldapsmb-1.34b-25.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libmsrpc-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libmsrpc-devel-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libsmbclient-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"libsmbclient-devel-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-client-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-krb-printing-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-python-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-vscan-0.3.6b-43.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"samba-winbind-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:08:58", "description": "Multiple vulnerabilies has been found and corrected in samba :\n\nclient/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a 
denial of service (mtab corruption) via a crafted string (CVE-2010-0547).\n\nclient/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file (CVE-2010-0787).\n\nThe updated packages have been patched to correct these issues.\n\nUpdate :\n\nIt was discovered that the previous Samba update required libtalloc from Samba4 package. Therefore, this update provides the required packages in order to fix the issue.", "cvss3": {}, "published": "2010-05-05T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2010:090-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547", "CVE-2010-0787"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ldb-utils", "p-cpe:/a:mandriva:linux:lib64dcerpc-devel", "p-cpe:/a:mandriva:linux:lib64dcerpc0", "p-cpe:/a:mandriva:linux:lib64ldb-devel", "p-cpe:/a:mandriva:linux:lib64ldb0", "p-cpe:/a:mandriva:linux:lib64ndr-devel", "p-cpe:/a:mandriva:linux:lib64ndr0", "p-cpe:/a:mandriva:linux:lib64samba-hostconfig-devel", "p-cpe:/a:mandriva:linux:lib64samba-hostconfig0", "p-cpe:/a:mandriva:linux:lib64talloc-devel", "p-cpe:/a:mandriva:linux:lib64talloc1", "p-cpe:/a:mandriva:linux:lib64tdb-devel", "p-cpe:/a:mandriva:linux:lib64tdb1", "p-cpe:/a:mandriva:linux:lib64tevent-devel", "p-cpe:/a:mandriva:linux:lib64tevent0", "p-cpe:/a:mandriva:linux:libdcerpc-devel", "p-cpe:/a:mandriva:linux:libdcerpc0", 
"p-cpe:/a:mandriva:linux:libldb-devel", "p-cpe:/a:mandriva:linux:libldb0", "p-cpe:/a:mandriva:linux:libndr-devel", "p-cpe:/a:mandriva:linux:libndr0", "p-cpe:/a:mandriva:linux:libsamba-hostconfig-devel", "p-cpe:/a:mandriva:linux:libsamba-hostconfig0", "p-cpe:/a:mandriva:linux:libtalloc-devel", "p-cpe:/a:mandriva:linux:libtalloc1", "p-cpe:/a:mandriva:linux:libtdb-devel", "p-cpe:/a:mandriva:linux:libtdb1", "p-cpe:/a:mandriva:linux:libtevent-devel", "p-cpe:/a:mandriva:linux:libtevent0", "p-cpe:/a:mandriva:linux:mount-cifs4", "p-cpe:/a:mandriva:linux:samba4-client", "p-cpe:/a:mandriva:linux:samba4-common", "p-cpe:/a:mandriva:linux:samba4-devel", "p-cpe:/a:mandriva:linux:samba4-pidl", "p-cpe:/a:mandriva:linux:samba4-python", "p-cpe:/a:mandriva:linux:samba4-server", "p-cpe:/a:mandriva:linux:samba4-test", "p-cpe:/a:mandriva:linux:tdb-utils", "cpe:/o:mandriva:linux:2010.0"], "id": "MANDRIVA_MDVSA-2010-090.NASL", "href": "https://www.tenable.com/plugins/nessus/46227", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:090. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46227);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\");\n script_bugtraq_id(37992, 38326);\n script_xref(name:\"MDVSA\", value:\"2010:090-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2010:090-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilies has been found and corrected in samba :\n\nclient/mount.cifs.c in mount.cifs in smbfs in Samba does not verify\nthat the (1) device name and (2) mountpoint strings are composed of\nvalid characters, which allows local users to cause a denial of\nservice (mtab corruption) via a crafted string (CVE-2010-0547).\n\nclient/mount.cifs.c in mount.cifs in smbfs in Samba allows local users\nto mount a CIFS share on an arbitrary mountpoint, and gain privileges,\nvia a symlink attack on the mountpoint directory file (CVE-2010-0787).\n\nThe updated packages have been patched to correct these issues.\n\nUpdate :\n\nIt was discovered that the previous Samba update required libtalloc\nfrom Samba4 package. 
Therefore, this update provides the required\npackages in order to fix the issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ldb-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64dcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64dcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ldb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64samba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64samba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tevent0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libldb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba4-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tdb-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ldb-utils-0.9.3-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64dcerpc-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64dcerpc0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ldb-devel-0.9.3-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", 
reference:\"lib64ldb0-0.9.3-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ndr-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ndr0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64samba-hostconfig-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64samba-hostconfig0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64talloc-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64talloc1-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tdb-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tdb1-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tevent-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64tevent0-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdcerpc-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdcerpc0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libldb-devel-0.9.3-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libldb0-0.9.3-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
cpu:\"i386\", reference:\"libndr-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libndr0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsamba-hostconfig-devel-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libsamba-hostconfig0-0.0.1-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtalloc-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtalloc1-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtdb-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtdb1-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtevent-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libtevent0-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"mount-cifs4-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-client-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-common-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-devel-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-pidl-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-python-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"samba4-server-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"samba4-test-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tdb-utils-4.0.0-0.4.alpha8.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:04:39", "description": "Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points.\n\n - CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.", "cvss3": {}, "published": "2010-03-02T00:00:00", "type": "nessus", "title": "Debian DSA-2004-1 : samba - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3297", "CVE-2010-0547", "CVE-2010-0787"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:samba", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2004.NASL", "href": 
"https://www.tenable.com/plugins/nessus/44950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2004. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44950);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\");\n script_bugtraq_id(36936, 37019, 37036, 37068, 37069, 37339, 37519, 37523, 37724, 37762, 37906, 37992, 38058, 38144, 38165, 38326);\n script_xref(name:\"DSA\", value:\"2004\");\n\n script_name(english:\"Debian DSA-2004-1 : samba - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two local vulnerabilities have been discovered in samba, a SMB/CIFS\nfile, print, and login server for Unix. 
The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2009-3297\n Ronald Volgers discovered that a race condition in\n mount.cifs allows local users to mount remote\n filesystems over arbitrary mount points.\n\n - CVE-2010-0547\n Jeff Layton discovered that missing input sanitising in\n mount.cifs allows denial of service by corrupting\n /etc/mtab.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2004\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny9.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libpam-smbpass\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsmbclient\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libsmbclient-dev\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libwbclient0\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba-common\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba-dbg\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba-doc\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba-doc-pdf\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"samba-tools\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"smbclient\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"smbfs\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"swat\", reference:\"2:3.2.5-4lenny9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"winbind\", reference:\"2:3.2.5-4lenny9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:24:56", "description": "The remote host is affected by the vulnerability described in GLSA-201206-22 (Samba: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, take ownership of shared files, or bypass file permissions. Furthermore, a local attacker may be able to cause a Denial of Service condition or obtain sensitive information in a Samba credentials file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-22 : Samba: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2906", "CVE-2009-2948", "CVE-2010-0728", "CVE-2010-1635", "CVE-2010-1642", "CVE-2010-2063", "CVE-2010-3069", "CVE-2011-0719", "CVE-2011-1678", "CVE-2011-2724", "CVE-2012-0870", "CVE-2012-1182", "CVE-2012-2111"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:samba", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-22.NASL", "href": "https://www.tenable.com/plugins/nessus/59675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59675);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2906\", \"CVE-2009-2948\", \"CVE-2010-0728\", \"CVE-2010-1635\", \"CVE-2010-1642\", \"CVE-2010-2063\", \"CVE-2010-3069\", \"CVE-2011-0719\", \"CVE-2011-1678\", \"CVE-2011-2724\", \"CVE-2012-0870\", \"CVE-2012-1182\", \"CVE-2012-2111\");\n script_bugtraq_id(36572, 36573, 38326, 38606, 40097, 40884, 43212, 46597, 49939, 52103, 52973, 53307);\n script_xref(name:\"GLSA\", value:\"201206-22\");\n\n script_name(english:\"GLSA-201206-22 : Samba: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-22\n(Samba: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Samba. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with root\n privileges, cause a Denial of Service condition, take ownership of shared\n files, or bypass file permissions. 
Furthermore, a local attacker may be\n able to cause a Denial of Service condition or obtain sensitive\n information in a Samba credentials file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Samba users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-fs/samba-3.5.15'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/samba\", unaffected:make_list(\"ge 3.5.15\"), vulnerable:make_list(\"lt 3.5.15\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Samba\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:19:39", "description": "a. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n b. 
ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.\n c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues.\n A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.\n d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.\n e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.\n Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.\n f. 
ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.\n g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues.\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", 
"CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0001.NASL", "href": "https://www.tenable.com/plugins/nessus/57749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0001. 
\n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57749);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2010-1634\", \"CVE-2010-2059\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2010-4649\", \"CVE-2011-0695\", \"CVE-2011-0711\", \"CVE-2011-0726\", \"CVE-2011-1015\", \"CVE-2011-1044\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1163\", \"CVE-2011-1166\", \"CVE-2011-1170\", \"CVE-2011-1171\", \"CVE-2011-1172\", \"CVE-2011-1182\", \"CVE-2011-1494\", \"CVE-2011-1495\", \"CVE-2011-1521\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1593\", \"CVE-2011-1678\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1763\", \"CVE-2011-1776\", \"CVE-2011-1780\", \"CVE-2011-1936\", \"CVE-2011-2022\", \"CVE-2011-2192\", \"CVE-2011-2213\", \"CVE-2011-2482\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2517\", \"CVE-2011-2519\", \"CVE-2011-2522\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2694\", \"CVE-2011-2901\", \"CVE-2011-3378\");\n script_bugtraq_id(36097, 37203, 37992, 38326, 40370, 40863, 44533, 46073, 46417, 46488, 46541, 46616, 46793, 46839, 46878, 46919, 47003, 47024, 47308, 47343, 47497, 47534, 47535, 47791, 47796, 47843, 48048, 48058, 48333, 48441, 48538, 48641, 48677, 48899, 48901, 49141, 49370, 49373, 49375, 49408, 49939);\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related 
patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. ESX third-party update for Service Console kernel\n \n The ESX Service Console Operating System (COS) kernel is updated to\n kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the\n COS kernel.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,\n CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,\n CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,\n CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,\n CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,\n CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,\n CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,\n CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,\n CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,\n CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.\n \nb. ESX third-party update for Service Console cURL RPM\n \n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9\n resolving a security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2011-2192 to this issue.\n \nc. ESX third-party update for Service Console nspr and nss RPMs\n \n The ESX Service Console (COS) nspr and nss RPMs are updated to\n nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving\n a security issues.\n \n A Certificate Authority (CA) issued fraudulent SSL certificates and\n Netscape Portable Runtime (NSPR) and Network Security Services (NSS)\n contain the built-in tokens of this fraudulent Certificate\n Authority. This update renders all SSL certificates signed by the\n fraudulent CA as untrusted for all uses.\n \nd. 
ESX third-party update for Service Console rpm RPMs\n \n The ESX Service Console Operating System (COS) rpm packages are\n updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,\n rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2\n which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-2059 and CVE-2011-3378 to these\n issues.\n \ne. ESX third-party update for Service Console samba RPMs\n \n The ESX Service Console Operating System (COS) samba packages are\n updated to samba-client-3.0.33-3.29.el5_7.4,\n samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security\n issues in the Samba client.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,\n CVE-2011-2522 and CVE-2011-2694 to these issues.\n \n Note that ESX does not include the Samba Web Administration Tool\n (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and\n CVE-2011-2694.\n \nf. ESX third-party update for Service Console python package\n \n The ESX Service Console (COS) python package is updated to\n 2.4.3-44 which fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and\n CVE-2011-1521 to these issues.\n \ng. 
ESXi update to third-party component python\n \n The python third-party library is updated to python 2.5.6 which\n fixes multiple security issues.\n \n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,\n CVE-2010-2089, and CVE-2011-1521 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000170.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-01-30\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203401-SG\",\n patch_updates : make_list(\"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203402-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203403-SG\")) flag++;\nif (esx_check(ver:\"ESX 4.0\", patch:\"ESX400-201203404-SG\")) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203405-SG\",\n patch_updates : make_list(\"ESX400-201209404-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201401-SG\",\n patch_updates : make_list(\"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201402-SG\",\n patch_updates : 
make_list(\"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201404-SG\",\n patch_updates : make_list(\"ESX410-201211405-SG\", \"ESX410-201307402-SG\", \"ESX410-201312403-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201405-SG\",\n patch_updates : make_list(\"ESX410-201211407-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201406-SG\",\n patch_updates : make_list(\"ESX410-201208105-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201407-SG\",\n patch_updates : make_list(\"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201203401-SG\",\n patch_updates : make_list(\"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201201401-SG\",\n patch_updates : make_list(\"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-0.10.608089\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:33:50", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in 
several third-party libraries :\n\n - COS kernel\n - cURL\n - python\n - rpm", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2010-0547", "CVE-2010-0787", "CVE-2010-1634", "CVE-2010-2059", "CVE-2010-2089", "CVE-2010-3493", "CVE-2010-4649", "CVE-2011-0695", "CVE-2011-0711", "CVE-2011-0726", "CVE-2011-1015", "CVE-2011-1044", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1166", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-1182", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1521", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1593", "CVE-2011-1678", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1763", "CVE-2011-1776", "CVE-2011-1780", "CVE-2011-1936", "CVE-2011-2022", "CVE-2011-2192", "CVE-2011-2213", "CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", 
"CVE-2011-2522", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2694", "CVE-2011-2901", "CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0001_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89105);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2010-0547\",\n \"CVE-2010-0787\",\n \"CVE-2010-1634\",\n \"CVE-2010-2059\",\n \"CVE-2010-2089\",\n \"CVE-2010-3493\",\n \"CVE-2010-4649\",\n \"CVE-2011-0695\",\n \"CVE-2011-0711\",\n \"CVE-2011-0726\",\n \"CVE-2011-1015\",\n \"CVE-2011-1044\",\n \"CVE-2011-1078\",\n \"CVE-2011-1079\",\n \"CVE-2011-1080\",\n \"CVE-2011-1093\",\n \"CVE-2011-1163\",\n \"CVE-2011-1166\",\n \"CVE-2011-1170\",\n \"CVE-2011-1171\",\n \"CVE-2011-1172\",\n \"CVE-2011-1182\",\n \"CVE-2011-1494\",\n \"CVE-2011-1495\",\n \"CVE-2011-1521\",\n \"CVE-2011-1573\",\n \"CVE-2011-1576\",\n \"CVE-2011-1577\",\n \"CVE-2011-1593\",\n \"CVE-2011-1678\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1763\",\n \"CVE-2011-1776\",\n \"CVE-2011-1780\",\n \"CVE-2011-1936\",\n \"CVE-2011-2022\",\n \"CVE-2011-2192\",\n \"CVE-2011-2213\",\n \"CVE-2011-2482\",\n \"CVE-2011-2491\",\n \"CVE-2011-2492\",\n \"CVE-2011-2495\",\n \"CVE-2011-2517\",\n \"CVE-2011-2519\",\n \"CVE-2011-2522\",\n \"CVE-2011-2525\",\n \"CVE-2011-2689\",\n \"CVE-2011-2694\",\n \"CVE-2011-2901\",\n \"CVE-2011-3378\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 37992,\n 38326,\n 40370,\n 40863,\n 44533,\n 46073,\n 46417,\n 46488,\n 46541,\n 46616,\n 46793,\n 46839,\n 46878,\n 46919,\n 47003,\n 47024,\n 47308,\n 47343,\n 47497,\n 47534,\n 47535,\n 47791,\n 47796,\n 47843,\n 48048,\n 
48058,\n 48333,\n 48441,\n 48538,\n 48641,\n 48677,\n 48899,\n 48901,\n 49141,\n 49370,\n 49373,\n 49375,\n 49408,\n 49939\n );\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n\n script_name(english:\"VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)\");\n script_summary(english:\"Checks the remote ESX/ESXi host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\nlibraries :\n\n - COS kernel\n - cURL\n - python\n - rpm\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 59, 119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 4.0\", 660575,\n \"ESXi 4.0\", 660575,\n \"ESX 4.1\", 582267,\n \"ESXi 4.1\", 582267,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, 
build);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2011:1220 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2011:1220 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017971.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881274\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\",\n \"CVE-2010-0547\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1220\");\n script_name(\"CentOS Update for samba3x CESA-2011:1220 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration 
Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-08T12:58:43", "description": "Check for the Version of samba and cifs-utils", "cvss3": {}, "published": "2012-07-09T00:00:00", 
"type": "openvas", "title": "RedHat Update for samba and cifs-utils RHSA-2011:1221-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:870708", "href": "http://plugins.openvas.org/nasl.php?oid=870708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba and cifs-utils RHSA-2011:1221-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information. The cifs-utils package contains utilities for mounting\n and managing CIFS (Common Internet File System) shares.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n It was found that the fix for CVE-2010-0547, provided in the cifs-utils\n package included in the GA release of Red Hat Enterprise Linux 6, was\n incomplete. The mount.cifs tool did not properly handle share or directory\n names containing a newline character, allowing a local attacker to corrupt\n the mtab (mounted file systems table) file via a specially-crafted CIFS\n share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the cifs-utils package distributed by Red Hat does\n not have the setuid bit set. We recommend that administrators do not\n manually set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. 
Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n\n This update also fixes the following bug:\n\n * If plain text passwords were used ("encrypt passwords = no" in\n "/etc/samba/smb.conf"), Samba clients running the Windows XP or Windows\n Server 2003 operating system may not have been able to access Samba shares\n after installing the Micros ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"samba and cifs-utils on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00023.html\");\n script_id(870708);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:51:10 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\",\n \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1221-01\");\n script_name(\"RedHat Update for samba and cifs-utils RHSA-2011:1221-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba and cifs-utils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"cifs-utils\", rpm:\"cifs-utils~4.8.1~2.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cifs-utils-debuginfo\", rpm:\"cifs-utils-debuginfo~4.8.1~2.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": 
{"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:01", "description": "Check for the Version of samba3x", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2011:1220 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:881274", "href": "http://plugins.openvas.org/nasl.php?oid=881274", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2011:1220 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba3x on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017971.html\");\n script_id(881274);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\",\n \"CVE-2010-0547\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1220\");\n script_name(\"CentOS Update for samba3x CESA-2011:1220 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba3x\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", 
rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "RedHat Update for samba3x RHSA-2011:1220-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870475", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x 
RHSA-2011:1220-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00022.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870475\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1220-01\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_name(\"RedHat Update for samba3x RHSA-2011:1220-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"samba3x on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. 
We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:36", "description": "Check for the Version of samba3x", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2011:1220 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880985", "href": "http://plugins.openvas.org/nasl.php?oid=880985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2011:1220 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. 
(CVE-2011-1678)\n \n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba3x on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017970.html\");\n script_id(880985);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1220\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_name(\"CentOS Update for samba3x CESA-2011:1220 centos5 i386\");\n\n script_summary(\"Check for the Version of samba3x\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name 
: \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2017-07-27T10:55:00", "description": "Check for the Version of samba3x", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "RedHat Update for samba3x RHSA-2011:1220-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870475", "href": "http://plugins.openvas.org/nasl.php?oid=870475", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x RHSA-2011:1220-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba3x on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00022.html\");\n script_id(870475);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1220-01\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_name(\"RedHat Update for samba3x RHSA-2011:1220-01\");\n\n script_summary(\"Check for the Version of samba3x\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", 
rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2011:1220 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880985", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310880985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2011:1220 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017970.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880985\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1220\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_name(\"CentOS Update for samba3x CESA-2011:1220 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an 
update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n It was found that the fix for CVE-2010-0547, provided by the Samba rebase\n in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\n handle share or directory names containing a newline character, allowing a\n local attacker to corrupt the mtab (mounted file systems table) file via a\n specially-crafted CIFS (Common Internet File System) share mount request,\n if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. 
(CVE-2011-1678)\n\n Note: mount.cifs from the samba3x packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for samba and cifs-utils RHSA-2011:1221-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba and cifs-utils RHSA-2011:1221-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870708\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:51:10 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\",\n \"CVE-2011-2724\", \"CVE-2010-0547\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1221-01\");\n script_name(\"RedHat Update for samba and cifs-utils RHSA-2011:1221-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba and cifs-utils'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"samba and cifs-utils on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information. The cifs-utils package contains utilities for mounting\n and managing CIFS (Common Internet File System) shares.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n It was found that the fix for CVE-2010-0547, provided in the cifs-utils\n package included in the GA release of Red Hat Enterprise Linux 6, was\n incomplete. The mount.cifs tool did not properly handle share or directory\n names containing a newline character, allowing a local attacker to corrupt\n the mtab (mounted file systems table) file via a specially-crafted CIFS\n share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the cifs-utils package distributed by Red Hat does\n not have the setuid bit set. 
We recommend that administrators do not\n manually set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\n acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\n original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\n as the original reporter of CVE-2011-2522.\n\n This update also fixes the following bug:\n\n * If plain text passwords were used ('encrypt passwords = no' in\n '/etc/samba/smb.conf'), Samba clients running the Windows XP or Windows\n Server 2003 operating system may not have been able to access Samba shares\n after installing the Micros ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"cifs-utils\", rpm:\"cifs-utils~4.8.1~2.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cifs-utils-debuginfo\", rpm:\"cifs-utils-debuginfo~4.8.1~2.el6_1.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", 
rpm:\"samba-common~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.6~86.el6_1.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:39", "description": "Oracle Linux Local Security Checks ELSA-2011-1220", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1220", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122101", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1220.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122101\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1220\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1220 - samba3x security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1220\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1220.html\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = 
isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.4~0.83.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "description": "Oracle Linux Local Security Checks ELSA-2011-1221", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1221", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1678", "CVE-2011-2724", "CVE-2011-3585", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122099", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1221.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122099\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:03 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1221\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1221 - samba and cifs-utils security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1221\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1221.html\");\n script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2011-3585\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"cifs-utils\", rpm:\"cifs-utils~4.8.1~2.el6_1.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if 
((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.5.6~86.el6_1.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880969", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017708.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880969\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced 
advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"samba on CentOS 4\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:54", "description": "Check for the Version of libsmbclient", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881285", "href": "http://plugins.openvas.org/nasl.php?oid=881285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. 
If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017967.html\");\n script_id(881285);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:18:06 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:32", "description": "Check for the Version of samba", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881388", "href": "http://plugins.openvas.org/nasl.php?oid=881388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017709.html\");\n script_id(881388);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:39:58 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", 
rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:37", "description": "Check for the Version of libsmbclient", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2011:1219 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880981", "href": "http://plugins.openvas.org/nasl.php?oid=880981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017966.html\");\n script_id(880981);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\");\n\n script_summary(\"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", 
rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-23T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2011:1219 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880981", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880981", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017966.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880981\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsmbclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 5\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other 
information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. 
We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:30", "description": "Check for the Version of samba", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880969", "href": "http://plugins.openvas.org/nasl.php?oid=880969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017708.html\");\n script_id(880969);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 i386\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", 
rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:01", "description": "Check for the Version of samba", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "RedHat Update for samba RHSA-2011:1219-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870477", "href": "http://plugins.openvas.org/nasl.php?oid=870477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2011:1219-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"samba on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00021.html\");\n script_id(870477);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1219-01\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"RedHat Update for samba RHSA-2011:1219-01\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", 
rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-09-07T00:00:00", "type": "openvas", "title": "RedHat Update for samba RHSA-2011:1219-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870477", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2011:1219-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870477\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1219-01\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"RedHat Update for samba RHSA-2011:1219-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. 
If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881285", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017967.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881285\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:18:06 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1219\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsmbclient'\n package(s) announced via the 
referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881388", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017709.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881388\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:39:58 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1219\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced 
advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"samba on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:06", "description": "Oracle Linux Local Security Checks ELSA-2011-1219", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1219", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122100", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1219.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, 
http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122100\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1219\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1219 - samba security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1219\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1219.html\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:43", "description": "Check for the Version of samba", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2011:148 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-1089"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831466", "href": "http://plugins.openvas.org/nasl.php?oid=831466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2011:148 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in\n samba/cifs-utils:\n\n smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to\n append to the /etc/mtab file and (2) umount.cifs to append to the\n /etc/mtab.tmp file without first checking whether resource limits\n would interfere, which allows local users to trigger corruption of\n the /etc/mtab file via a process with a small RLIMIT_FSIZE value,\n a related issue to CVE-2011-1089 (CVE-2011-1678).\n \n The check_mtab function in client/mount.cifs.c in mount.cifs in\n smbfs in Samba 3.5.10 and earlier does not properly verify that the\n (1) device name and (2) mountpoint strings are composed of valid\n characters, which allows local users to cause a denial of service\n (mtab corruption) via a crafted string. NOTE: this vulnerability\n exists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724).\n \n Additionally for Mandriva Linux 2010.2 the cifs-utils package has been\n upgraded to the 4.8.1 version that brings numerous additional fixes.\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00023.php\");\n script_id(831466);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2011:148\");\n script_cve_id(\"CVE-2011-1089\", \"CVE-2011-1678\", \"CVE-2010-0547\", \"CVE-2011-2724\");\n script_name(\"Mandriva Update for samba MDVSA-2011:148 (samba)\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release
== \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", 
rpm:\"libwbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", 
rpm:\"lib64netapi-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", 
rpm:\"lib64wbclient-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cifs-utils\", rpm:\"cifs-utils~4.8.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", 
rpm:\"libsmbclient0-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", 
rpm:\"lib64smbclient0-static-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2011:148 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-1089"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2011:148 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00023.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831466\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"MDVSA\", value:\"2011:148\");\n script_cve_id(\"CVE-2011-1089\", \"CVE-2011-1678\", \"CVE-2010-0547\", \"CVE-2011-2724\");\n script_name(\"Mandriva Update 
for samba MDVSA-2011:148 (samba)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"samba on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in\n samba/cifs-utils:\n\n smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to\n append to the /etc/mtab file and (2) umount.cifs to append to the\n /etc/mtab.tmp file without first checking whether resource limits\n would interfere, which allows local users to trigger corruption of\n the /etc/mtab file via a process with a small RLIMIT_FSIZE value,\n a related issue to CVE-2011-1089 (CVE-2011-1678).\n\n The check_mtab function in client/mount.cifs.c in mount.cifs in\n smbfs in Samba 3.5.10 and earlier does not properly verify that the\n (1) device name and (2) mountpoint strings are composed of valid\n characters, which allows local users to cause a denial of service\n (mtab corruption) via a crafted string. NOTE: this vulnerability\n exists because of an incorrect fix for CVE-2010-0547 (CVE-2011-2724).\n\n Additionally for Mandriva Linux 2010.2 the cifs-utils package has been\n upgraded to the 4.8.1 version that brings numerous additional fixes.\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", 
rpm:\"lib64tdb1~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.7mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"cifs-utils\", rpm:\"cifs-utils~4.8.1~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.3~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.7mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.7mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
= isdpkgvuln(pkg:\"swat\", ver:\"2:3.4.7~dfsg-1ubuntu3.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.5.8~dfsg-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"swat\", ver:\"3.0.28a-1ubuntu4.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:38", "description": "The remote host is missing an update to samba\nannounced via advisory DSA 2290-1.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2290-1 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70226", "href": "http://plugins.openvas.org/nasl.php?oid=70226", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2290_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2290-1 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Samba Web Administration Tool (SWAT) contains several cross-site\nrequest forgery (CSRF) vulnerabilities (CVE-2011-2522) and a\ncross-site scripting vulnerability (CVE-2011-2694).\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2:3.5.6~dfsg-3squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.\n\nWe recommend that you upgrade your samba packages.\";\ntag_summary = \"The remote host is missing an update to samba\nannounced via advisory DSA 2290-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202290-1\";\n\n\nif(description)\n{\n script_id(70226);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n 
script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"Debian Security Advisory DSA 2290-1 (samba)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smbfs\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.2.5-4lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.5.6~dfsg-3squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"winbind\", ver:\"2:3.5.11~dfsg-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:47", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: samba34", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070262", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_samba340.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 56f4b3a6-c82c-11e0-a498-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70262\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_bugtraq_id(48901, 48899);\n script_name(\"FreeBSD Ports: samba34\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n samba34\n samba35\n\nCVE-2011-2522\nMultiple cross-site request forgery (CSRF) vulnerabilities in the\nSamba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow\nremote attackers to hijack the authentication of administrators for\nrequests that (1) shut down daemons, (2) start daemons, (3) add\nshares, (4) remove shares, (5) add printers, (6) remove printers, (7)\nadd user accounts, or (8) remove user accounts, as demonstrated by\ncertain start, stop, and restart parameters to the status program.\n\nCVE-2011-2694\nCross-site scripting (XSS) vulnerability in the chg_passwd function in\nweb/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x\nbefore 3.5.10 allows remote authenticated administrators to inject\narbitrary web script or HTML via the username parameter to the passwd\nprogram (aka the user field to the Change Password page).\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"samba34\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.4\")>0 && revcomp(a:bver, b:\"3.4.14\")<0) {\n txt += 'Package samba34 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"samba35\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5\")>0 && revcomp(a:bver, 
b:\"3.5.10\")<0) {\n txt += 'Package samba35 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-02T00:00:00", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2011:121 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2011:121 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-07/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831433\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:121\");\n script_cve_id(\"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"Mandriva Update for samba MDVSA-2011:121 (samba)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"samba on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in samba:\n\n All current released versions of Samba are vulnerable to a cross-site\n request 
forgery in the Samba Web Administration Tool (SWAT). By\n tricking a user who is authenticated with SWAT into clicking a\n manipulated URL on a different web page, it is possible to manipulate\n SWAT (CVE-2011-2522).\n\n All current released versions of Samba are vulnerable to a cross-site\n scripting issue in the Samba Web Administration Tool (SWAT). On the\n Change Password field, it is possible to insert arbitrary content\n into the user field (CVE-2011-2694).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", 
rpm:\"lib64smbsharemodes-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.6mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", 
rpm:\"libsmbclient0-static-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.3~3.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.6mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.6mdv