Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)

2019-11-08T00:00:00
ID SAMBA_CVE-2019-14833.NASL
Type nessus
Reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to 4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An authenticated attacker could use this flaw to change their password to a weak password that fails the configured password complexity check.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130628);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/13");

  script_cve_id("CVE-2019-14833");

  script_name(english:"Samba 4.5.x / 4.6.x / 4.7.x / 4.8.x / 4.9.x < 4.9.15 / 4.10.x < 4.10.10 / 4.11.x < 4.11.2 Password Complexity Check Bypass (CVE-2019-14833)");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is potentially affected by a password complexity check bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x prior to 4.9.15, 4.10.x prior to
4.10.10, or 4.11.x prior to 4.11.2. It is, therefore, affected by a password complexity check bypass vulnerability. An
authenticated attacker could use this flaw to change their password to a weak password that fails the configured
password complexity check.");
  # https://www.samba.org/samba/security/CVE-2019-14833.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f566831");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.9.15 / 4.10.10 / 4.11.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('vcf.inc');
include('vcf_extras.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);

constraints = [
  {'min_version':'4.5.0',  'fixed_version':'4.9.15'},
  {'min_version':'4.10.0rc0', 'fixed_version':'4.10.10'},
  {'min_version':'4.11.0rc0', 'fixed_version':'4.11.2'}
];

vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);