Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20130930_SAMBA3X_ON_SL5_X.NASL
HistoryOct 11, 2013 - 12:00 a.m.

Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20130930)

2013-10-1100:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session.
(CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim’s password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba server.

After installing this update, the smb service will be restarted automatically.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70390);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-0213", "CVE-2013-0214", "CVE-2013-4124");

  script_name(english:"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20130930)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the Samba Web Administration Tool (SWAT) did
not protect against being opened in a web page frame. A remote
attacker could possibly use this flaw to conduct a clickjacking attack
against SWAT users or users with an active SWAT session.
(CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a
victim's password could use this flaw to bypass CSRF protections and
conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an
Extended Attribute (EA) list provided by a client. A malicious client
could send a specially crafted EA list that triggered an overflow,
causing the server to loop and reprocess the list using an excessive
amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba
server.

After installing this update, the smb service will be restarted
automatically."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=683
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bbd14410"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc-compat1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtevent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtevent-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"libtalloc-2.0.7-2.el5")) flag++;
if (rpm_check(release:"SL5", reference:"libtalloc-compat1-2.0.7-2.el5")) flag++;
if (rpm_check(release:"SL5", reference:"libtalloc-devel-2.0.7-2.el5")) flag++;
if (rpm_check(release:"SL5", reference:"libtevent-0.9.18-2.el5")) flag++;
if (rpm_check(release:"SL5", reference:"libtevent-devel-0.9.18-2.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-client-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-common-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-debuginfo-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-doc-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-domainjoin-gui-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-swat-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-winbind-3.6.6-0.136.el5")) flag++;
if (rpm_check(release:"SL5", reference:"samba3x-winbind-devel-3.6.6-0.136.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtalloc / libtalloc-compat1 / libtalloc-devel / libtevent / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxlibtallocp-cpe:/a:fermilab:scientific_linux:libtalloc
fermilabscientific_linuxlibtalloc-compat1p-cpe:/a:fermilab:scientific_linux:libtalloc-compat1
fermilabscientific_linuxlibtalloc-develp-cpe:/a:fermilab:scientific_linux:libtalloc-devel
fermilabscientific_linuxlibteventp-cpe:/a:fermilab:scientific_linux:libtevent
fermilabscientific_linuxlibtevent-develp-cpe:/a:fermilab:scientific_linux:libtevent-devel
fermilabscientific_linuxsamba3xp-cpe:/a:fermilab:scientific_linux:samba3x
fermilabscientific_linuxsamba3x-clientp-cpe:/a:fermilab:scientific_linux:samba3x-client
fermilabscientific_linuxsamba3x-commonp-cpe:/a:fermilab:scientific_linux:samba3x-common
fermilabscientific_linuxsamba3x-debuginfop-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo
fermilabscientific_linuxsamba3x-docp-cpe:/a:fermilab:scientific_linux:samba3x-doc
Rows per page:
1-10 of 151

Related

veracode 3
nessus 44
redhat 4
centos 4
openvas 56
oraclelinux 4
fedora 12
osv 1
suse 5
debian 1
ubuntu 2
securityvulns 4
zdt 1
samba 3
slackware 1
seebug 2
ubuntucve 3
freebsd 1
cve 3
debiancve 3
checkpoint_advisories 1
prion 3
altlinux 3
exploitpack 1
mageia 1
exploitdb 1
ics 1
gentoo 1
veracode
veracode
Cross-site Request Forgery (CSRF)
2019-05-02 04:58:49
Denial Of Service (DoS)
2019-01-15 08:51:27
Click Jacking
2019-01-15 09:01:47
nessus
nessus
RHEL 5 : samba3x (RHSA-2013:1310)
2013-10-01 00:00:00
CentOS 5 : samba (CESA-2014:0305)
2014-03-18 00:00:00
RHEL 6 : samba (RHSA-2013:1542)
2013-11-21 00:00:00
redhat
redhat
(RHSA-2014:0305) Moderate: samba security update
2014-03-17 00:00:00
(RHSA-2013:1310) Moderate: samba3x security and bug fix update
2013-09-30 16:52:28
(RHSA-2013:1542) Moderate: samba security, bug fix, and enhancement update
2013-11-21 00:00:00
centos
centos
samba3x security update
2013-10-07 12:45:09
libsmbclient, samba security update
2013-11-26 13:32:51
libsmbclient, samba security update
2014-03-17 19:05:31
openvas
openvas
CentOS Update for libsmbclient CESA-2014:0305 centos5
2014-03-20 00:00:00
RedHat Update for samba RHSA-2013:1542-02
2013-11-21 00:00:00
RedHat Update for samba RHSA-2014:0305-01
2014-03-20 00:00:00
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2013-11-25 00:00:00
samba3x security and bug fix update
2013-10-06 00:00:00
samba security update
2014-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: samba-4.0.8-1.fc18
2013-08-15 02:50:09
[SECURITY] Fedora 17 Update: samba-3.6.12-1.fc17.1
2013-02-12 05:30:46
[SECURITY] Fedora 18 Update: samba-4.0.11-1.fc18
2013-11-23 19:45:33
osv
osv
samba - several issues
2013-02-02 00:00:00
suse
suse
Security update for Samba (important)
2013-03-22 15:04:30
Security update for Samba (important)
2013-02-22 17:04:27
Security update for Samba (important)
2013-02-22 16:04:20
debian
debian
[SECURITY] [DSA 2617-1] samba security update
2013-02-02 12:26:25
ubuntu
ubuntu
Samba vulnerabilities
2016-03-08 00:00:00
Samba vulnerability
2013-09-24 00:00:00
securityvulns
securityvulns
Samba DoS
2013-08-28 00:00:00
[ MDVSA-2013:207 ] samba
2013-08-12 00:00:00
CVE-2013-4124 samba nttrans dos private exploit
2013-08-28 00:00:00
zdt
zdt
Samba nttrans Reply - Integer Overflow Vulnerability
2013-08-22 00:00:00
samba
samba
Denial of service - CPU loop and memory allocation.
2013-08-05 00:00:00
Cross-Site Request Forgery in SWAT
2013-01-30 00:00:00
Clickjacking in SWAT
2013-01-30 00:00:00
slackware
slackware
[slackware-security] samba
2013-08-06 07:20:57
seebug
seebug
Samba nttrans Reply - Integer Overflow Vulnerability
2014-07-01 00:00:00
Samba 本地拒绝服务漏洞(CVE-2013-4124)
2013-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-4124
2013-08-05 00:00:00
CVE-2013-0214
2013-02-02 00:00:00
CVE-2013-0213
2013-02-02 00:00:00
freebsd
freebsd
samba -- denial of service vulnerability
2013-08-05 00:00:00
cve
cve
CVE-2013-4124
2013-08-06 02:56:00
CVE-2013-0214
2013-02-02 20:55:00
CVE-2013-0213
2013-02-02 20:55:00
debiancve
debiancve
CVE-2013-4124
2013-08-06 02:56:00
CVE-2013-0214
2013-02-02 20:55:00
CVE-2013-0213
2013-02-02 20:55:00
checkpoint_advisories
checkpoint_advisories
Samba smbd read_nttrans_ea_list Infinite Allocation Loop Denial of Service (CVE-2013-4124)
2013-10-27 00:00:00
prion
prion
Integer overflow
2013-08-06 02:56:00
Cross site request forgery (csrf)
2013-02-02 20:55:00
Code injection
2013-02-02 20:55:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 8 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.0.8-alt1
2013-08-07 00:00:00
exploitpack
exploitpack
Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
mageia
mageia
Updated samba package fixes security vulnerability
2013-08-11 16:37:00
exploitdb
exploitdb
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
ics
ics
Omron NS Series HMI Vulnerabilities
2019-01-31 12:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00
JSON
Related for SL_20130930_SAMBA3X_ON_SL5_X.NASL
veracode3nessus44redhat4centos4openvas56oraclelinux4fedora12osv1suse5debian1ubuntu2securityvulns4zdt1samba3slackware1seebug2ubuntucve3freebsd1cve3debiancve3checkpoint_advisories1prion3altlinux3exploitpack1mageia1exploitdb1ics1gentoo1