Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2013-1805.NASL
HistoryDec 10, 2013 - 12:00 a.m.

RHEL 6 : samba4 (RHSA-2013:1805)

2013-12-1000:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.6%

JSON

Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2013:1805. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71292);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-4408");
  script_bugtraq_id(64191);
  script_xref(name:"RHSA", value:"2013:1805");

  script_name(english:"RHEL 6 : samba4 (RHSA-2013:1805)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated samba4 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

Samba is an open source implementation of the Server Message Block
(SMB) or Common Internet File System (CIFS) protocol, which allows
PC-compatible machines to share files, printers, and other
information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code
in Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed. A
malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root
privileges. (CVE-2013-4408)

Red Hat would like to thank the Samba project for reporting this
issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of
SerNet as the original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After
installing this update, the smb service will be restarted
automatically."
  );
  # http://www.samba.org/samba/security/CVE-2013-4408
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/security/CVE-2013-4408"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2013:1805"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4408"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-pidl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2013:1805";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-client-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-client-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-client-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-common-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-common-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-common-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-dc-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-dc-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-dc-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-dc-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-dc-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-dc-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-debuginfo-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-debuginfo-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-debuginfo-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-devel-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-devel-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-devel-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-libs-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-pidl-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-pidl-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-pidl-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-python-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-python-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-python-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-swat-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-swat-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-swat-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-test-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-test-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-test-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-clients-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-clients-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-clients-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxsamba4p-cpe:/a:redhat:enterprise_linux:samba4
redhatenterprise_linuxsamba4-clientp-cpe:/a:redhat:enterprise_linux:samba4-client
redhatenterprise_linuxsamba4-commonp-cpe:/a:redhat:enterprise_linux:samba4-common
redhatenterprise_linuxsamba4-dcp-cpe:/a:redhat:enterprise_linux:samba4-dc
redhatenterprise_linuxsamba4-dc-libsp-cpe:/a:redhat:enterprise_linux:samba4-dc-libs
redhatenterprise_linuxsamba4-debuginfop-cpe:/a:redhat:enterprise_linux:samba4-debuginfo
redhatenterprise_linuxsamba4-develp-cpe:/a:redhat:enterprise_linux:samba4-devel
redhatenterprise_linuxsamba4-libsp-cpe:/a:redhat:enterprise_linux:samba4-libs
redhatenterprise_linuxsamba4-pidlp-cpe:/a:redhat:enterprise_linux:samba4-pidl
redhatenterprise_linuxsamba4-pythonp-cpe:/a:redhat:enterprise_linux:samba4-python
Rows per page:
1-10 of 171

Related

redhat 3
nvd 1
nessus 26
cve 1
ubuntucve 1
veracode 2
prion 1
centos 2
samba 1
openvas 37
slackware 1
oraclelinux 3
debiancve 1
cvelist 1
ibm 2
debian 1
mageia 1
osv 1
freebsd 1
altlinux 3
securityvulns 1
fedora 9
suse 3
ubuntu 1
gentoo 1
redhat
redhat
(RHSA-2013:1805) Important: samba4 security update
2013-12-09 00:00:00
(RHSA-2014:0009) Important: samba security update
2014-01-06 00:00:00
(RHSA-2013:1806) Important: samba and samba3x security update
2013-12-09 00:00:00
nvd
nvd
CVE-2013-4408
2013-12-10 06:14:55
nessus
nessus
Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20131210)
2013-12-11 00:00:00
CentOS 6 : samba4 (CESA-2013:1805)
2013-12-10 00:00:00
Slackware 14.1 / current : samba (SSA:2014-013-04)
2014-01-14 00:00:00
cve
cve
CVE-2013-4408
2013-12-10 06:14:55
ubuntucve
ubuntucve
CVE-2013-4408
2013-12-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:53:06
Privilege Escalation
2019-05-02 05:00:33
prion
prion
Heap overflow
2013-12-10 06:14:00
centos
centos
samba4 security update
2013-12-10 01:02:20
libsmbclient, samba, samba3x security update
2013-12-10 01:03:24
samba
samba
DCE-RPC fragment length field is incorrectly checked.
2013-12-09 00:00:00
openvas
openvas
Samba >= 3.4.0 DoS Vulnerability (CVE-2013-4408)
2021-09-24 00:00:00
CentOS Update for samba4 CESA-2013:1805 centos6
2013-12-17 00:00:00
RedHat Update for samba4 RHSA-2013:1805-01
2013-12-17 00:00:00
slackware
slackware
samba
2014-01-13 22:30:45
oraclelinux
oraclelinux
samba4 security update
2013-12-09 00:00:00
samba and samba3x security update
2013-12-09 00:00:00
samba security and bug fix update
2018-06-25 00:00:00
debiancve
debiancve
CVE-2013-4408
2013-12-10 06:14:55
cvelist
cvelist
CVE-2013-4408
2013-12-10 02:00:00
ibm
ibm
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-4408 and CVE-2012-6105)
2018-06-18 00:07:38
Security Bulletin: Samba vulnerability issue on SONAS (CVE-2013-4408 and CVE-2012-6105)
2018-06-18 00:07:42
debian
debian
[SECURITY] [DSA 2812-1] samba security update
2013-12-09 10:13:23
mageia
mageia
Updated samba package fixes multiple vulnerabilities
2013-12-13 02:22:59
osv
osv
samba - several
2013-12-09 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2012-06-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.1.3-alt1
2013-12-09 00:00:00
Security fix for the ALT Linux 8 package samba version 4.1.3-alt1
2013-12-09 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.1.3-alt1
2013-12-09 00:00:00
securityvulns
securityvulns
Samba buffer overflow
2014-01-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: samba-4.1.3-2.fc20
2013-12-24 03:39:37
[SECURITY] Fedora 19 Update: samba-4.0.13-1.fc19
2013-12-15 03:35:27
[SECURITY] Fedora 20 Update: samba-4.1.6-1.fc20
2014-03-15 15:15:35
suse
suse
Security update for Samba (important)
2014-01-07 00:04:36
Security update for samba (important)
2016-04-20 12:07:48
Security update for samba (important)
2016-04-20 12:11:11
ubuntu
ubuntu
Samba vulnerabilities
2013-12-11 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for REDHAT-RHSA-2013-1805.NASL
redhat3nvd1nessus26cve1ubuntucve1veracode2prion1centos2samba1openvas37slackware1oraclelinux3debiancve1cvelist1ibm2debian1mageia1osv1freebsd1altlinux3securityvulns1fedora9suse3ubuntu1gentoo1