Samba 4.9.x < 4.9.9 / 4.10.0 < 4.10.5 AC DC DNS Management Server Denial of Service Vulnerability (CVE-2019-12435)

2019-06-27T00:00:00
ID SAMBA_CVE-2019-12435.NASL
Type nessus
Reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-02-02T00:00:00

Description

The version of Samba running on the remote host is 4.9.x < 4.9.9 or 4.10.0 prior to 4.10.5. It is, therefore, potentially affected by a denial of service vulnerability in the AD DC DNS management server (dnsserver) RPC server process.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126307);
  script_version("1.2");
  script_cvs_date("Date: 2019/10/18 23:14:15");

  script_cve_id("CVE-2019-12435");
  script_bugtraq_id(108825);
  script_xref(name:"IAVA", value:"2019-A-0209");

  script_name(english:"Samba 4.9.x &lt; 4.9.9 / 4.10.0 &lt; 4.10.5 AC DC DNS Management Server Denial of Service Vulnerability (CVE-2019-12435)");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is potentially affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.9.x &lt; 4.9.9 or 
4.10.0 prior to 4.10.5. It is, therefore, potentially affected by a
denial of service vulnerability in the AD DC DNS management server
(dnsserver) RPC server process. 

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2019-12435.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.9.9.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.10.5.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.9.9 / 4.10.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12435");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/27");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("vcf.inc");
include("vcf_extras.inc");

if (report_paranoia &lt; 2) audit(AUDIT_PARANOID);

app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);

constraints = [
  {"min_version":"4.9.0rc0", "fixed_version":"4.9.9"},
  {"min_version":"4.10.0rc0", "fixed_version":"4.10.5"}
];

vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);