Lucene search
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2007-1013.NASLHistoryNov 16, 2007 - 12:00 a.m.
RHEL 2.1 / 3 : samba (RHSA-2007:1013)
2007-11-1600:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Samba is a suite of programs used by machines to share files, printers, and other information.
A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. (CVE-2007-5398)
A heap-based buffer overflow flaw was found in the way Samba authenticates users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash. Careful analysis of this flaw has determined that arbitrary code execution is not possible, and under most circumstances will not result in a crash of the Samba server. (CVE-2007-4572)
Red Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba developers for responsibly disclosing these issues.
Users of Samba are advised to ugprade to these updated packages, which contain backported patches to resolve these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:1013. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(28244);
script_version("1.24");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-4572", "CVE-2007-5398");
script_bugtraq_id(26454, 26455);
script_xref(name:"RHSA", value:"2007:1013");
script_name(english:"RHEL 2.1 / 3 : samba (RHSA-2007:1013)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated samba packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1 and 3.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Samba is a suite of programs used by machines to share files,
printers, and other information.
A buffer overflow flaw was found in the way Samba creates NetBIOS
replies. If a Samba server is configured to run as a WINS server, a
remote unauthenticated user could cause the Samba server to crash or
execute arbitrary code. (CVE-2007-5398)
A heap-based buffer overflow flaw was found in the way Samba
authenticates users. A remote unauthenticated user could trigger this
flaw to cause the Samba server to crash. Careful analysis of this flaw
has determined that arbitrary code execution is not possible, and
under most circumstances will not result in a crash of the Samba
server. (CVE-2007-4572)
Red Hat would like to thank Alin Rad Pop of Secunia Research, and the
Samba developers for responsibly disclosing these issues.
Users of Samba are advised to ugprade to these updated packages, which
contain backported patches to resolve these issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2007-4572"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2007-5398"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2007:1013"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-swat");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/16");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2007:1013";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"samba-2.2.12-1.21as.8.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"samba-client-2.2.12-1.21as.8.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"samba-common-2.2.12-1.21as.8.1")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"samba-swat-2.2.12-1.21as.8.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"samba-3.0.9-1.3E.14.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"samba-client-3.0.9-1.3E.14.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"samba-common-3.0.9-1.3E.14.1")) flag++;
if (rpm_check(release:"RHEL3", reference:"samba-swat-3.0.9-1.3E.14.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-common / samba-swat");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | samba | p-cpe:/a:redhat:enterprise_linux:samba |
| redhat | enterprise_linux | samba-client | p-cpe:/a:redhat:enterprise_linux:samba-client |
| redhat | enterprise_linux | samba-common | p-cpe:/a:redhat:enterprise_linux:samba-common |
| redhat | enterprise_linux | samba-swat | p-cpe:/a:redhat:enterprise_linux:samba-swat |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
| redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
Related
openvas
openvas
Ubuntu Update for samba regression USN-544-2
2009-03-23 00:00:00
Mandriva Update for samba MDKSA-2007:224 (samba)
2009-04-09 00:00:00
FreeBSD Ports: samba, samba3, ja-samba
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities
2007-11-22 20:51:40
[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities
2007-11-29 14:28:19
[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities
2007-11-26 14:53:41
osv
osv
samba - several vulnerabilities (update)
2007-11-29 00:00:00
samba - several vulnerabilities
2007-11-29 00:00:00
samba - several vulnerabilities
2007-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: samba-3.0.27-0.fc7
2007-11-16 00:36:50
[SECURITY] Fedora Core 6 Update: samba-3.0.24-8.fc6
2007-11-21 23:01:25
[SECURITY] Fedora 8 Update: samba-3.0.27-0.fc8
2007-11-16 14:39:42
gentoo
gentoo
Samba: Execution of arbitrary code
2007-11-20 00:00:00
nessus
nessus
Debian DSA-1409-3 : samba - several vulnerabilities
2007-11-26 00:00:00
SuSE 10 Security Update : Samba (ZYPP Patch Number 4719)
2007-12-13 00:00:00
Mandrake Linux Security Advisory : samba (MDKSA-2007:224-3)
2007-11-20 00:00:00
ubuntu
ubuntu
Samba regression
2007-11-16 00:00:00
Samba vulnerabilities
2007-11-16 00:00:00
Samba vulnerabilities
2008-06-17 00:00:00
oraclelinux
oraclelinux
Critical: samba security update
2007-11-16 00:00:00
Critical: samba security update
2007-12-04 00:00:00
Critical: samba security update
2007-11-23 00:00:00
redhat
redhat
(RHSA-2007:1013) Critical: samba security update
2007-11-15 00:00:00
(RHSA-2007:1017) Critical: samba security update
2007-11-15 00:00:00
(RHSA-2007:1016) Critical: samba security update
2007-11-15 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2007-11-15 00:00:00
securityvulns
securityvulns
Samba multiple security vulnerabilities
2007-11-16 00:00:00
Secunia Research: Samba "reply_netbios_packet()" Buffer Overflow Vulnerability
2007-11-16 00:00:00
[SAMBA] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
2007-11-16 00:00:00
suse
suse
remote code execution in samba
2007-12-05 16:05:59
centos
centos
samba security update
2007-11-15 23:26:10
samba security update
2007-11-15 19:31:12
samba security update
2007-11-15 18:56:31
slackware
slackware
[slackware-security] samba
2007-11-17 01:28:32
debiancve
debiancve
CVE-2007-4572
2007-11-16 18:46:00
CVE-2007-5398
2007-11-16 18:46:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:17:30
Arbitrary Code Execution
2020-04-10 00:17:29
prion
prion
Stack overflow
2007-11-16 18:46:00
Stack overflow
2007-11-16 18:46:00
checkpoint_advisories
checkpoint_advisories
ubuntucve
ubuntucve
CVE-2007-4572
2007-11-16 00:00:00
CVE-2007-5398
2007-11-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package samba version 3.0.27-alt1
2007-11-15 00:00:00
seebug
seebug
Samba nmbd_packets.c NetBIOS回复栈溢出漏洞
2007-11-17 00:00:00
Samba NMBD登录请求远程溢出漏洞
2007-11-17 00:00:00
cve
cve
CVE-2007-4572
2007-11-16 18:46:00
CVE-2007-5398
2007-11-16 18:46:00
samba
samba
Stack buffer overflow in nmbd's logon
2007-11-15 00:00:00
Remote code execution in Samba's WINS
2007-11-15 00:00:00
vmware
vmware
Updated service console patches.
2008-01-07 00:00:00
Updated service console patches.
2008-01-07 00:00:00
Related for REDHAT-RHSA-2007-1013.NASL