Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)

2019-11-0800:00:00

www.tenable.com

The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to 4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An authenticated attacker could use this flaw to change their password to a weak password that fails the configured password complexity check.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130628);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/13");

  script_cve_id("CVE-2019-14833");

  script_name(english:"Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is potentially affected by a password complexity check bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to
4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An
authenticated attacker could use this flaw to change their password to a weak password that fails the configured
password complexity check.");
  # https://www.samba.org/samba/security/CVE-2019-14833.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f566831");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.9.15 / 4.10.10 / 4.11.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('vcf.inc');
include('vcf_extras.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);

constraints = [
  {'min_version':'4.5.0',  'fixed_version':'4.9.15'},
  {'min_version':'4.10.0rc0', 'fixed_version':'4.10.10'},
  {'min_version':'4.11.0rc0', 'fixed_version':'4.11.2'}
];

vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);

VendorProductVersionCPE
sambasambacpe:/a:samba:samba

Vendor	Product	Version	CPE
samba	samba		cpe:/a:samba:samba

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833

www.nessus.org/u?0f566831

JSON

Related for SAMBA_CVE-2019-14833.NASL