Lucene search
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.SAMBA_4_1_6.NASLHistoryMar 18, 2014 - 12:00 a.m.
Samba 3.4.x < 3.6.23 / 4.0.x < 4.0.16 / 4.1.x < 4.1.6 Multiple Vulnerabilities
2014-03-1800:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
14
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.7%
According to its banner, the version of Samba running on the remote host is 3.4.x or later but prior to 3.6.23 or 4.0.x or later but prior to 4.0.16 or 4.1.6. It is, therefore, potentially affected by multiple vulnerabilities :
-
A flaw exists in the Security Account Manager Remote protocol implementation where it fails to validate the user lockout state, affecting Samba versions 3.4.x and later. This could allow a remote attacker to attempt a brute-force attack to determine a userโs password without being locked out. (CVE-2013-4496)
-
A flaw exists in the โowner_setโ function of the smbcacls command when changing the owner or group owner of the object using โ-Cโ / โโchownโ or โ-Gโ / โโchgrpโ flags, causing the existing ACL to be removed. This affects Samba versions 4.0.x and later and could allow an attacker unrestricted access to the modified object.
(CVE-2013-6442)
Note that Nessus has relied only on the self-reported version number and has not actually tried to exploit these issues or determine if the associated patches have been applied.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(73080);
script_version("1.7");
script_cvs_date("Date: 2018/11/15 20:50:24");
script_cve_id("CVE-2013-4496", "CVE-2013-6442");
script_bugtraq_id(66232, 66336);
script_name(english:"Samba 3.4.x < 3.6.23 / 4.0.x < 4.0.16 / 4.1.x < 4.1.6 Multiple Vulnerabilities");
script_summary(english:"Checks version of Samba");
script_set_attribute(attribute:"synopsis", value:"The remote Samba server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of Samba running on the remote
host is 3.4.x or later but prior to 3.6.23 or 4.0.x or later but prior
to 4.0.16 or 4.1.6. It is, therefore, potentially affected by multiple
vulnerabilities :
- A flaw exists in the Security Account Manager Remote
protocol implementation where it fails to validate the
user lockout state, affecting Samba versions 3.4.x and
later. This could allow a remote attacker to attempt a
brute-force attack to determine a user's password
without being locked out. (CVE-2013-4496)
- A flaw exists in the 'owner_set' function of the
smbcacls command when changing the owner or group owner
of the object using '-C' / '--chown' or '-G' / '--chgrp'
flags, causing the existing ACL to be removed. This
affects Samba versions 4.0.x and later and could allow
an attacker unrestricted access to the modified object.
(CVE-2013-6442)
Note that Nessus has relied only on the self-reported version number and
has not actually tried to exploit these issues or determine if the
associated patches have been applied.");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-4496.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-6442.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.6.23.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.0.16.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.1.6.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/security.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to version 3.6.23 / 4.0.16 / 4.1.6 or later or refer to the
vendor for patches or workarounds.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/18");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_dependencies("smb_nativelanman.nasl");
script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
lanman = get_kb_item_or_exit("SMB/NativeLanManager");
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if ("Samba " >!< lanman) audit(AUDIT_NOT_LISTEN, "Samba", port);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# Granularity Check
if (
lanman =~ "^Samba 3(\.6)?$" ||
lanman =~ "^Samba 4(\.[0-1])?$"
) audit(AUDIT_VER_NOT_GRANULAR, "Samba", port, lanman);
version = lanman - 'Samba ';
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Affected :
# 3.4.x < 3.6.23
# 4.0.x < 4.0.16
# 4.1.x < 4.1.6
if (
(ver[0] == 3 && ver[1] == 4) ||
(ver[0] == 3 && ver[1] == 5) ||
(ver[0] == 3 && ver[1] == 6 && ver[2] < 23) ||
(ver[0] == 4 && ver[1] == 0 && ver[2] < 16) ||
(ver[0] == 4 && ver[1] == 1 && ver[2] < 6)
)
{
if (report_verbosity > 0)
{
report = '\n Installed version : ' + version +
'\n Fixed version : 3.6.23 / 4.0.16 / 4.1.6\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Samba", port, version);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
www.samba.org/samba/history/
www.samba.org/samba/history/samba-3.6.23.html
www.samba.org/samba/history/samba-4.0.16.html
www.samba.org/samba/history/samba-4.1.6.html
www.samba.org/samba/history/security.html
www.samba.org/samba/security/CVE-2013-4496.html
www.samba.org/samba/security/CVE-2013-6442.html
Related
nessus
nessus
Fedora 19 : samba-4.0.16-1.fc19 (2014-3815)
2014-03-28 00:00:00
openSUSE Security Update : samba (openSUSE-SU-2014:0404-1)
2014-06-13 00:00:00
Slackware 14.0 / 14.1 / current : samba (SSA:2014-072-01)
2014-03-17 00:00:00
slackware
slackware
[slackware-security] samba
2014-03-14 06:48:32
altlinux
altlinux
Security fix for the ALT Linux 8 package samba-DC version 4.1.6-alt1
2014-03-17 00:00:00
Security fix for the ALT Linux 8 package samba version 4.1.6-alt1
2014-03-17 00:00:00
Security fix for the ALT Linux 10 package samba version 4.1.6-alt1
2014-03-17 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2014-03-11 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-072-01)
2022-04-21 00:00:00
Oracle: Security Advisory (ELSA-2014-0383)
2015-10-06 00:00:00
RedHat Update for samba4 RHSA-2014:0383-01
2014-04-10 00:00:00
securityvulns
securityvulns
Samba restrictions bypass
2014-03-18 00:00:00
[slackware-security] samba (SSA:2014-072-01)
2014-03-18 00:00:00
centos
centos
samba4 security update
2014-04-09 19:17:37
libsmbclient, samba, samba3x security update
2014-03-25 15:09:56
redhat
redhat
(RHSA-2014:0383) Moderate: samba4 security update
2014-04-09 00:00:00
(RHSA-2014:0330) Moderate: samba and samba3x security update
2014-03-25 00:00:00
veracode
veracode
Improper Handling Of Credentials
2019-05-02 04:57:33
Privilege Escalation
2019-05-02 04:57:33
oraclelinux
oraclelinux
samba4 security update
2014-04-09 00:00:00
samba and samba3x security update
2014-03-25 00:00:00
samba security and bug fix update
2018-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: samba-4.1.6-1.fc20
2014-03-15 15:15:35
[SECURITY] Fedora 19 Update: samba-4.0.16-1.fc19
2014-03-28 03:18:38
[SECURITY] Fedora 20 Update: samba-4.1.9-3.fc20
2014-06-26 01:52:55
cvelist
cvelist
CVE-2013-6442
2014-03-14 10:00:00
CVE-2013-4496
2014-03-14 10:00:00
cve
cve
CVE-2013-6442
2014-03-14 10:55:05
CVE-2013-4496
2014-03-14 10:55:05
prion
prion
Design/Logic Flaw
2014-03-14 10:55:00
Design/Logic Flaw
2014-03-14 10:55:00
samba
samba
smbcacls will remove the ACL on a file
2014-03-11 00:00:00
CVE-2013-4496: Password lockout not enforced for SAMR password changes
2014-03-11 00:00:00
seebug
seebug
Samba 'smbcacls'ๅฝไปคๅฎๅ
จ็ป่ฟๆผๆด
2014-03-17 00:00:00
debiancve
debiancve
CVE-2013-6442
2014-03-14 10:55:05
CVE-2013-4496
2014-03-14 10:55:05
nvd
nvd
CVE-2013-6442
2014-03-14 10:55:05
CVE-2013-4496
2014-03-14 10:55:05
ubuntu
ubuntu
Samba vulnerability
2014-03-26 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2014-03-23 13:10:03
ubuntucve
ubuntucve
CVE-2013-6442
2014-03-14 00:00:00
CVE-2013-4496
2014-03-14 00:00:00
suse
suse
Security update for Samba (important)
2014-04-08 23:04:47
Security update for samba (important)
2016-04-20 12:11:11
Security update for samba (important)
2016-04-20 12:07:48
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.7%
Related for SAMBA_4_1_6.NASL