Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)
2016-04-13T00:00:00
ID SL_20160412_SAMBA_ON_SL5_X.NASL Type nessus Reporter This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2016-04-13T00:00:00
Description
Security Fix(es) :
A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)
Several flaws were found in Samba's implementation of
NTLMSSP authentication. An unauthenticated,
man-in-the-middle attacker could use this flaw to clear
the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The
attacker could also force the client or server into
sending data in plain text even if encryption was
explicitly requested for that connection.
(CVE-2016-2110)
It was discovered that Samba configured as a Domain
Controller would establish a secure communication
channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could
use this flaw to obtain session-related information
about the spoofed machine. (CVE-2016-2111)
It was found that Samba's LDAP implementation did not
enforce integrity protection for LDAP connections. A
man-in-the-middle attacker could use this flaw to
downgrade LDAP connections to use no integrity
protection, allowing them to hijack such connections.
(CVE-2016-2112)
It was found that Samba did not enable integrity
protection for IPC traffic by default. A
man-in-the-middle attacker could use this flaw to view
and modify the data sent between a Samba server and a
client. (CVE-2016-2115)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(90503);
script_version("2.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118");
script_name(english:"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Security Fix(es) :
- A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)
- Several flaws were found in Samba's implementation of
NTLMSSP authentication. An unauthenticated,
man-in-the-middle attacker could use this flaw to clear
the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The
attacker could also force the client or server into
sending data in plain text even if encryption was
explicitly requested for that connection.
(CVE-2016-2110)
- It was discovered that Samba configured as a Domain
Controller would establish a secure communication
channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could
use this flaw to obtain session-related information
about the spoofed machine. (CVE-2016-2111)
- It was found that Samba's LDAP implementation did not
enforce integrity protection for LDAP connections. A
man-in-the-middle attacker could use this flaw to
downgrade LDAP connections to use no integrity
protection, allowing them to hijack such connections.
(CVE-2016-2112)
- It was found that Samba did not enable integrity
protection for IPC traffic by default. A
man-in-the-middle attacker could use this flaw to view
and modify the data sent between a Samba server and a
client. (CVE-2016-2115)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b633e72b"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-swat");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"libsmbclient-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"libsmbclient-devel-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-client-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-common-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-debuginfo-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-swat-3.0.33-3.41.el5_11")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc");
}
{"id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)", "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)", "published": "2016-04-13T00:00:00", "modified": "2016-04-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/90503", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?b633e72b"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "nessus", "lastseen": "2021-01-17T13:49:12", "edition": 16, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["SOL53313971", "SOL47133310", "F5:K47133310", "F5:K53313971"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851274", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310851275", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310131298", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310871594", "OPENVAS:1361412562310871597"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0621", "ELSA-2016-0611", "ELSA-2016-0612", "ELSA-2016-0613"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-0624.NASL", "REDHAT-RHSA-2016-0621.NASL", "REDHAT-RHSA-2016-0623.NASL", "REDHAT-RHSA-2016-0611.NASL", "CENTOS_RHSA-2016-0611.NASL", "ORACLELINUX_ELSA-2016-0611.NASL", "CENTOS_RHSA-2016-0621.NASL", "ORACLELINUX_ELSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0621.NASL", "SL_20160412_SAMBA3X_ON_SL5_X.NASL"]}, {"type": "redhat", "idList": ["RHSA-2016:0624", "RHSA-2016:0613", "RHSA-2016:0611", "RHSA-2016:0614", "RHSA-2016:0619", "RHSA-2016:0620"]}, {"type": "centos", "idList": ["CESA-2016:0612", "CESA-2016:0611", "CESA-2016:0613"]}, {"type": "cve", "idList": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2118", "CVE-2016-2115", "CVE-2016-2112"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1022-1", "OPENSUSE-SU-2016:1025-1", "SUSE-SU-2016:1024-1", "SUSE-SU-2016:1023-1", "SUSE-SU-2016:1028-1"]}, {"type": "ubuntu", "idList": ["USN-2950-2", "USN-2950-4", "USN-2950-1"]}, {"type": "fedora", "idList": ["FEDORA:CCDF16182D6A", "FEDORA:7C2A861B8E9D"]}, {"type": "amazon", "idList": ["ALAS-2016-686"]}, {"type": "freebsd", "idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"]}], "modified": "2021-01-17T13:49:12", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-01-17T13:49:12", "rev": 2}, "vulnersScore": 6.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "90503", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-swat", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:samba"], "scheme": null, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}
{"f5": [{"lastseen": "2019-04-30T18:20:59", "bulletinFamily": "software", "cvelist": ["CVE-2016-2110", "CVE-2016-2115"], "description": "\nF5 Product Development has assigned ID 587077 (BIG-IP), ID 477733 (ARX), and ID 589931 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H592133 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP DNS| 12.0.0 - 12.1.0| 12.1.1| Medium| Samba \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nARX| 6.0.0 - 6.4.0| None| Low| Samba \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| \nNone| Medium| Samba \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Samba \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Samba \nBIG-IQ ADC| 4.5.0| None| Medium| Samba \nBIG-IQ Centralized Management| 4.6.0| None| Medium| Samba \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Samba \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can avoid using any Samba tools included with the BIG-IP system. Though Samba tools are included with the BIG-IP Linux distribution, using a BIG-IP system as a Samba server is not supported. If your system uses an external shell script with Samba tools from within a custom monitor, you can use alternative monitoring methods.\n\n**Impact of action**: Performing the suggested action should not have a negative impact on your system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-05-01T19:32:00", "published": "2016-05-17T22:23:00", "id": "F5:K53313971", "href": "https://support.f5.com/csp/article/K53313971", "title": "Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:28", "bulletinFamily": "software", "cvelist": ["CVE-2016-2110", "CVE-2016-2115"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can avoid using any Samba tools included with the BIG-IP system. Though Samba tools are included with the BIG-IP Linux distribution, using a BIG-IP system as a Samba server is not supported. If your system uses an external shell script with Samba tools from within a custom monitor, you can use alternative monitoring methods.\n\n**Impact of action:** Performing the suggested action should not have a negative impact on your system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "edition": 1, "modified": "2016-09-01T00:00:00", "published": "2016-05-17T00:00:00", "id": "SOL53313971", "href": "http://support.f5.com/kb/en-us/solutions/public/k/53/sol53313971.html", "type": "f5", "title": "SOL53313971 - Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:33", "bulletinFamily": "software", "cvelist": ["CVE-2016-2112"], "edition": 1, "description": "\nF5 Product Development has assigned ID 477733 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Samba \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-14T19:34:00", "published": "2016-05-10T22:23:00", "href": "https://support.f5.com/csp/article/K47133310", "id": "F5:K47133310", "title": "Samba vulnerability CVE-2016-2112", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:54", "bulletinFamily": "software", "cvelist": ["CVE-2016-2112"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-10T00:00:00", "published": "2016-05-10T00:00:00", "id": "SOL47133310", "href": "http://support.f5.com/kb/en-us/solutions/public/k/47/sol47133310.html", "type": "f5", "title": "SOL47133310 - Samba vulnerability CVE-2016-2112", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "description": "Check the version of libsmbclient", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882458", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2016:0621 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2016:0621 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882458\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:19:02 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libsmbclient CESA-2016:0621 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of libsmbclient\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) protocol and the related Common Internet File\nSystem (CIFS) protocol, which allow PC-compatible machines to share files,\nprinters, and various information.\n\nSecurity Fix(es):\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0621\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021823.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "description": "Oracle Linux Local Security Checks ELSA-2016-0621", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122941", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0621", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0621.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122941\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:57 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0621\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0621 - samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0621\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0621.html\");\n script_cve_id(\"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\", \"CVE-2016-2110\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310871594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871594", "type": "openvas", "title": "RedHat Update for samba RHSA-2016:0621-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2016:0621-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871594\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:16:54 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba RHSA-2016:0621-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the\nServer Message Block (SMB) protocol and the related Common Internet File System\n(CIFS) protocol, which allow PC-compatible machines to share files, printers, and\nvarious information.\n\nSecurity Fix(es):\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0621-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Oracle Linux Local Security Checks ELSA-2016-0613", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122938", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0613", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0613.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122938\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:54 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0613\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0613 - samba3x security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0613\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0613.html\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\", \"CVE-2016-2110\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310871597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871597", "type": "openvas", "title": "RedHat Update for samba3x RHSA-2016:0613-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x RHSA-2016:0613-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871597\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:17:13 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba3x RHSA-2016:0613-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) or Common Internet File System (CIFS) protocol,\nwhich allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"samba3x on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0613-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00016.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Check the version of samba3x", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882456", "type": "openvas", "title": "CentOS Update for samba3x CESA-2016:0613 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2016:0613 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882456\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:18:51 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for samba3x CESA-2016:0613 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of samba3x\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) or Common Internet File System (CIFS) protocol,\nwhich allows PC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0613\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021821.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Mageia Linux Local Security Checks mgasa-2016-0151", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131298", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0151.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131298\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:01 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0151\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0151.html\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0151\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.25~2.3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310851275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851275", "type": "openvas", "title": "openSUSE: Security Advisory for samba (openSUSE-SU-2016:1025-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851275\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:20:17 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for samba (openSUSE-SU-2016:1025-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"samba was updated to fix seven security issues.\n\n These security issues were fixed:\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n\n - CVE-2016-2118:'Badlock' DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n\n - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close call.\n\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel.\n\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel\n from libsamba-passdb-devel while not providing it.\n\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n - bsc#924519: Upgrade on-disk FSRVP server state to new version.\n\n - bsc#968973: Only obsolete but do not provide gplv2/3 package names.\n\n - bso#6482: s3:utils/smbget: Fix recursive download.\n\n - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a\n filesystem with no ACL support.\n\n - bso#11643: docs: Add example for domain logins to smbspool man page.\n\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n\n - bso#11708: loadparm: Fix memory leak issue.\n\n - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.\n\n - bso#11719: ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped\n ...'.\n\n - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when\n creating a new file.\n\n - bso#11732: param: Fix str_list_v3 to accept ' ' again.\n\n - bso#11740: Real memory leak(buildup) issue in loadparm.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"samba on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1025-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"ctdb\", rpm:\"ctdb~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-debuginfo\", rpm:\"ctdb-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-devel\", rpm:\"ctdb-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests\", rpm:\"ctdb-tests~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests-debuginfo\", rpm:\"ctdb-tests-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc-devel\", rpm:\"libdcerpc-atsvc-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0\", rpm:\"libdcerpc-atsvc0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-debuginfo\", rpm:\"libdcerpc-atsvc0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-devel\", rpm:\"libdcerpc-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr-devel\", rpm:\"libdcerpc-samr-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0\", rpm:\"libdcerpc-samr0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo\", rpm:\"libdcerpc-samr0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec-devel\", rpm:\"libgensec-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-devel\", rpm:\"libndr-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac-devel\", rpm:\"libndr-krb5pac-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt-devel\", rpm:\"libndr-nbt-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard-devel\", rpm:\"libndr-standard-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry-devel\", rpm:\"libregistry-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials-devel\", rpm:\"libsamba-credentials-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig-devel\", rpm:\"libsamba-hostconfig-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb-devel\", rpm:\"libsamba-passdb-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0\", rpm:\"libsamba-passdb0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo\", rpm:\"libsamba-passdb0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy-devel\", rpm:\"libsamba-policy-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0\", rpm:\"libsamba-policy0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo\", rpm:\"libsamba-policy0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util-devel\", rpm:\"libsamba-util-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb-devel\", rpm:\"libsamdb-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw-devel\", rpm:\"libsmbclient-raw-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf-devel\", rpm:\"libsmbconf-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap-devel\", rpm:\"libsmbldap-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util-devel\", rpm:\"libtevent-util-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-core-devel\", rpm:\"samba-core-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-pidl\", rpm:\"samba-pidl~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python-debuginfo\", rpm:\"samba-python-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test\", rpm:\"samba-test~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-debuginfo\", rpm:\"samba-test-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-devel\", rpm:\"samba-test-devel~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-32bit\", rpm:\"libdcerpc-atsvc0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-debuginfo-32bit\", rpm:\"libdcerpc-atsvc0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-32bit\", rpm:\"libdcerpc-samr0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo-32bit\", rpm:\"libdcerpc-samr0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-32bit\", rpm:\"libregistry0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo-32bit\", rpm:\"libregistry0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-32bit\", rpm:\"libsamba-passdb0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo-32bit\", rpm:\"libsamba-passdb0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-32bit\", rpm:\"libsamba-policy0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo-32bit\", rpm:\"libsamba-policy0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.2.4~15.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310851274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851274", "type": "openvas", "title": "SUSE: Security Advisory for samba (SUSE-SU-2016:1022-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851274\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:17:58 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for samba (SUSE-SU-2016:1022-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samba was updated to the 4.2.x codestream, bringing some new features and\n security fixes (bsc#973832, FATE#320709).\n\n These security issues were fixed:\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM\n attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n\n - CVE-2016-2118:'Badlock' DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n Also the following fixes were done:\n\n - Upgrade on-disk FSRVP server state to new version (bsc#924519).\n\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call (bsc#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel (bsc#973832).\n\n - s3:utils/smbget: Fix recursive download (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support (bso#10489).\n\n - docs: Add example for domain logins to smbspool man page (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool (bso#11690).\n\n - loadparm: Fix memory leak issue (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting FIONREAD (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'\n (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file (bso#11727).\n\n - param: Fix str_list_v3 to accept ' ' again (bso#11732).\n\n - Real memory leak(buildup) issue in loadparm (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it (bsc#972197).\n\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n - Only obsolete but do not provide gplv2/3 package names (bsc#968973).\n\n - Enable clustering (CTDB) support (bsc#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create (bso#11703)\n (bsc#964023).\n\n - vfs_fruit: Fix renaming directories with open files (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when rele ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"samba on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1022-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-32bit\", rpm:\"libsamba-passdb0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0\", rpm:\"libsamba-passdb0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo-32bit\", rpm:\"libsamba-passdb0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo\", rpm:\"libsamba-passdb0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.2.4~18.17.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0\", rpm:\"libsamba-passdb0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo\", rpm:\"libsamba-passdb0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-32bit\", rpm:\"libsamba-passdb0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo-32bit\", rpm:\"libsamba-passdb0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.2.4~18.17.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Check the version of libsmbclient", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882457", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2016:0611 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2016:0611 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882457\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:18:56 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libsmbclient CESA-2016:0611 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of libsmbclient\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) protocol and the related Common Internet File\nSystem (CIFS) protocol, which allow PC-compatible machines to share files,\nprinters, and various information.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter\nof CVE-2015-5370 and Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0611\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021815.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-glusterfs\", rpm:\"samba-glusterfs~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "description": "[3.0.33-3.41.el5]\n- Security Release 'BadLock'\n- resolves: CVE-2016-2110\n- resolves: CVE-2016-2111", "edition": 4, "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0621", "href": "http://linux.oracle.com/errata/ELSA-2016-0621.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "[3.6.23-30.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258]\n[3.6.23-30]\n- related: #1322686 - Update manpages\n[3.6.23-29]\n- related: #1322686 - Update CVE patchset\n[3.6.23-28]\n- related: #1322686 - Update manpages\n[3.6.23-27]\n- related: #1322686 - Update CVE patchset\n[3.6.23-26]\n- resolves: #1322686 - Fix CVE-2015-5370\n- resolves: #1322686 - Fix CVE-2016-2110\n- resolves: #1322686 - Fix CVE-2016-2111\n- resolves: #1322686 - Fix CVE-2016-2112\n- resolves: #1322686 - Fix CVE-2016-2115\n- resolves: #1322686 - Fix CVE-2016-2118 (Known as Badlock)", "edition": 4, "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0611", "href": "http://linux.oracle.com/errata/ELSA-2016-0611.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "[3.6.23-12.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 19973497]\n[3.6.23-12]\n- related: #1322685 - Update CVE patchset\n[3.6.23-11]\n- related: #1322685 - Update CVE patchset\n[3.6.23-10]\n- resolves: #1322685 - Fix CVE-2015-5370\n- resolves: #1322685 - Fix CVE-2016-2110\n- resolves: #1322685 - Fix CVE-2016-2111\n- resolves: #1322685 - Fix CVE-2016-2112\n- resolves: #1322685 - Fix CVE-2016-2115\n- resolves: #1322685 - Fix CVE-2016-2118 (Known as Badlock)", "edition": 4, "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0613", "href": "http://linux.oracle.com/errata/ELSA-2016-0613.html", "title": "samba3x security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T12:50:36", "description": "From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba-common", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:libsmbclient-devel"], "id": "ORACLELINUX_ELSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90489", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# Oracle Linux Security Advisory ELSA-2016-0621 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90489);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005950.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:33:04", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba (RHSA-2016:0621) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90498);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0621\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:34", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "CentOS 5 : samba (CESA-2016:0621) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# CentOS Errata and Security Advisory 2016:0621 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90452);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"CentOS 5 : samba (CESA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3db8a7e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:33:01", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "RHEL 6 : samba (RHSA-2016:0611) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-doc"], "id": "REDHAT-RHSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90491", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0611. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90491);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"RHEL 6 : samba (RHSA-2016:0611) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0611\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:33:04", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.6\nLong Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed\nthe CVE-2015-5370 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed\nas addressed by this update. This issue does affect the samba packages\non Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are\nadvised to use the 'client signing = required' configuration option in\nthe smb.conf file to mitigate CVE-2016-2115. No changes have been made\nto the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba (RHSA-2016:0623) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2016-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/90499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0623. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90499);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0623\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0623) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.6\nLong Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed\nthe CVE-2015-5370 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed\nas addressed by this update. This issue does affect the samba packages\non Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are\nadvised to use the 'client signing = required' configuration option in\nthe smb.conf file to mitigate CVE-2016-2115. No changes have been made\nto the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:33:04", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "RHEL 6 : samba (RHSA-2016:0619) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-common", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:samba-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-doc"], "id": "REDHAT-RHSA-2016-0619.NASL", "href": "https://www.tenable.com/plugins/nessus/90496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0619. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90496);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0619\");\n\n script_name(english:\"RHEL 6 : samba (RHSA-2016:0619) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n # http://badlock.org/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://samba.plus\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6\\.2|6\\.4|6\\.5|6\\.6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2 / 6.4 / 6.5 / 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0619\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-common-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-debuginfo-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-clients-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:34", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "CentOS 5 : samba3x (CESA-2016:0613) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba3x-doc", "p-cpe:/a:centos:centos:samba3x-client", "p-cpe:/a:centos:centos:samba3x-swat", "p-cpe:/a:centos:centos:samba3x-common", "p-cpe:/a:centos:centos:samba3x-winbind", "p-cpe:/a:centos:centos:samba3x", "p-cpe:/a:centos:centos:samba3x-winbind-devel", "p-cpe:/a:centos:centos:samba3x-domainjoin-gui", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0613 and \n# CentOS Errata and Security Advisory 2016:0613 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90451);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"CentOS 5 : samba3x (CESA-2016:0613) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b672964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:49:11", "description": "Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol\n implementation. A remote, authenticated attacker could\n use these flaws to cause a denial of service against the\n Samba server (high CPU load or a crash) or, possibly,\n execute arbitrary code with the permissions of the user\n running Samba (root). This flaw could also be used to\n downgrade a secure DCE/RPC connection by a\n man-in-the-middle attacker taking control of an Active\n Directory (AD) object and compromising the security of a\n Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba3x-doc", "p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind", "p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba3x-common", "p-cpe:/a:fermilab:scientific_linux:samba3x-swat", "p-cpe:/a:fermilab:scientific_linux:samba3x", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel", "p-cpe:/a:fermilab:scientific_linux:samba3x-client"], "id": "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90501);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol\n implementation. A remote, authenticated attacker could\n use these flaws to cause a denial of service against the\n Samba server (high CPU load or a crash) or, possibly,\n execute arbitrary code with the permissions of the user\n running Samba (root). This flaw could also be used to\n downgrade a secure DCE/RPC connection by a\n man-in-the-middle attacker taking control of an Active\n Directory (AD) object and compromising the security of a\n Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6491\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bab64414\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T05:33:02", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba3x", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel"], "id": "REDHAT-RHSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0613. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90493);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0613\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:30:33", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "title": "CentOS 6 : samba (CESA-2016:0611) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2016-04-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-domainjoin-gui", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-doc", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-glusterfs", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:samba-winbind-devel"], "id": "CENTOS_RHSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0611 and \n# CentOS Errata and Security Advisory 2016:0611 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90449);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"CentOS 6 : samba (CESA-2016:0611) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021815.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?808aa2e9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:28:04", "description": "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-25T00:59:00", "title": "CVE-2016-2115", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2115"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:samba:samba:4.0.6", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:4.0.8", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:4.1.4", "cpe:/a:samba:samba:4.1.8", "cpe:/a:samba:samba:4.2.2", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.5.17", "cpe:/a:samba:samba:4.1.10", "cpe:/a:samba:samba:4.0.19", "cpe:/a:samba:samba:4.1.5", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:4.0.22", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.6.13", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.6.18", "cpe:/a:samba:samba:4.0.4", "cpe:/a:samba:samba:4.2.4", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:4.1.13", "cpe:/a:samba:samba:4.1.19", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:4.0.15", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.4.16", "cpe:/a:samba:samba:3.6.25", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:4.1.20", "cpe:/a:samba:samba:4.2.6", "cpe:/a:samba:samba:3.6.19", "cpe:/a:samba:samba:3.6.7", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.6.24", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.6.21", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.5.19", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:4.0.12", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:4.0.3", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:4.2.8", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.5.15", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:4.3.4", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:4.1.17", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:4.1.1", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.3.16", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:samba:samba:4.3.3", "cpe:/a:samba:samba:4.0.24", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:4.0.2", "cpe:/a:samba:samba:4.0.7", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.6.14", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:4.3.1", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:4.0.16", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.21", "cpe:/a:samba:samba:3.6.12", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:4.0.11", "cpe:/a:samba:samba:4.0.25", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:4.0.9", "cpe:/a:samba:samba:3.6.10", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:4.1.6", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:4.1.12", "cpe:/a:samba:samba:4.1.21", "cpe:/a:samba:samba:3.6.9", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:4.2.5", "cpe:/a:samba:samba:4.0.10", "cpe:/a:samba:samba:4.0.23", "cpe:/a:samba:samba:4.1.0", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.5.22", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.6.11", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:4.1.23", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:4.0.14", "cpe:/a:samba:samba:4.1.7", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:4.0.26", "cpe:/a:samba:samba:4.0.1", "cpe:/a:samba:samba:4.1.22", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:4.2.0", "cpe:/a:samba:samba:3.5.14", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.6.17", "cpe:/a:samba:samba:4.2.7", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.6.20", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.5.20", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.6.8", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:4.0.5", "cpe:/a:samba:samba:4.2.9", "cpe:/a:samba:samba:4.0.13", "cpe:/a:samba:samba:3.4.17", "cpe:/a:samba:samba:4.0.21", "cpe:/a:samba:samba:3.6.6", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:4.1.9", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.6.16", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:4.1.18", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.6.22", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.6.4", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.6.15", "cpe:/a:samba:samba:4.1.16", "cpe:/a:samba:samba:3.6.23", "cpe:/a:samba:samba:3.5.16", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:4.1.14", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:4.3.6", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:4.4.0", "cpe:/a:samba:samba:4.2.1", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:4.3.5", "cpe:/a:samba:samba:4.1.11", "cpe:/a:samba:samba:4.0.20", "cpe:/a:samba:samba:4.1.15", "cpe:/a:samba:samba:4.2.3", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:4.0.0", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:4.3.2", "cpe:/a:samba:samba:3.6.5", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:4.3.0", "cpe:/a:samba:samba:4.0.17", "cpe:/a:samba:samba:4.0.18", "cpe:/a:samba:samba:3.5.18", "cpe:/a:samba:samba:4.1.3", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:4.1.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2115", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-04-25T00:59:00", "title": "CVE-2016-2111", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2111"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:samba:samba:4.0.6", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:4.0.8", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:4.1.4", "cpe:/a:samba:samba:4.1.8", "cpe:/a:samba:samba:4.2.2", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.5.17", "cpe:/a:samba:samba:4.1.10", "cpe:/a:samba:samba:4.0.19", "cpe:/a:samba:samba:4.1.5", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:4.0.22", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.6.13", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.6.18", "cpe:/a:samba:samba:4.0.4", "cpe:/a:samba:samba:4.2.4", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:4.1.13", "cpe:/a:samba:samba:4.1.19", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:4.0.15", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.4.16", "cpe:/a:samba:samba:3.6.25", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:4.1.20", "cpe:/a:samba:samba:4.2.6", "cpe:/a:samba:samba:3.6.19", "cpe:/a:samba:samba:3.6.7", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.6.24", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.6.21", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.5.19", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:4.0.12", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:4.0.3", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:4.2.8", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.5.15", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:4.3.4", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:4.1.17", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:4.1.1", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.3.16", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:samba:samba:4.3.3", "cpe:/a:samba:samba:4.0.24", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:4.0.2", "cpe:/a:samba:samba:4.0.7", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.6.14", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:4.3.1", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:4.0.16", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.21", "cpe:/a:samba:samba:3.6.12", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:4.0.11", "cpe:/a:samba:samba:4.0.25", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:4.0.9", "cpe:/a:samba:samba:3.6.10", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:4.1.6", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:4.1.12", "cpe:/a:samba:samba:4.1.21", "cpe:/a:samba:samba:3.6.9", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:4.2.5", "cpe:/a:samba:samba:4.0.10", "cpe:/a:samba:samba:4.0.23", "cpe:/a:samba:samba:4.1.0", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.5.22", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.6.11", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:4.1.23", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:4.0.14", "cpe:/a:samba:samba:4.1.7", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:4.0.26", "cpe:/a:samba:samba:4.0.1", "cpe:/a:samba:samba:4.1.22", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:4.2.0", "cpe:/a:samba:samba:3.5.14", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.6.17", "cpe:/a:samba:samba:4.2.7", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.6.20", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.5.20", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.6.8", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:4.0.5", "cpe:/a:samba:samba:4.2.9", "cpe:/a:samba:samba:4.0.13", "cpe:/a:samba:samba:3.4.17", "cpe:/a:samba:samba:4.0.21", "cpe:/a:samba:samba:3.6.6", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:4.1.9", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.6.16", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:4.1.18", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.6.22", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.6.4", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.6.15", "cpe:/a:samba:samba:4.1.16", "cpe:/a:samba:samba:3.6.23", "cpe:/a:samba:samba:3.5.16", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:4.1.14", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:4.3.6", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:4.4.0", "cpe:/a:samba:samba:4.2.1", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:4.3.5", "cpe:/a:samba:samba:4.1.11", "cpe:/a:samba:samba:4.0.20", "cpe:/a:samba:samba:4.1.15", "cpe:/a:samba:samba:4.2.3", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:4.0.0", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:4.3.2", "cpe:/a:samba:samba:3.6.5", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:4.3.0", "cpe:/a:samba:samba:4.0.17", "cpe:/a:samba:samba:4.0.18", "cpe:/a:samba:samba:3.5.18", "cpe:/a:samba:samba:4.1.3", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:4.1.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2111", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-25T00:59:00", "title": "CVE-2016-2112", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2112"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:samba:samba:4.0.6", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:4.0.8", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:4.1.4", "cpe:/a:samba:samba:4.1.8", "cpe:/a:samba:samba:4.2.2", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.5.17", "cpe:/a:samba:samba:4.1.10", "cpe:/a:samba:samba:4.0.19", "cpe:/a:samba:samba:4.1.5", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:4.0.22", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.6.13", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.6.18", "cpe:/a:samba:samba:4.0.4", "cpe:/a:samba:samba:4.2.4", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:4.1.13", "cpe:/a:samba:samba:4.1.19", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:4.0.15", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.4.16", "cpe:/a:samba:samba:3.6.25", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:4.1.20", "cpe:/a:samba:samba:4.2.6", "cpe:/a:samba:samba:3.6.19", "cpe:/a:samba:samba:3.6.7", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.6.24", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.6.21", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.5.19", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:4.0.12", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:4.0.3", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:4.2.8", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.5.15", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:4.3.4", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:4.1.17", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:4.1.1", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.3.16", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:samba:samba:4.3.3", "cpe:/a:samba:samba:4.0.24", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:4.0.2", "cpe:/a:samba:samba:4.0.7", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.6.14", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:4.3.1", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:4.0.16", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.21", "cpe:/a:samba:samba:3.6.12", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:4.0.11", "cpe:/a:samba:samba:4.0.25", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:4.0.9", "cpe:/a:samba:samba:3.6.10", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:4.1.6", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:4.1.12", "cpe:/a:samba:samba:4.1.21", "cpe:/a:samba:samba:3.6.9", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:4.2.5", "cpe:/a:samba:samba:4.0.10", "cpe:/a:samba:samba:4.0.23", "cpe:/a:samba:samba:4.1.0", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.5.22", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.6.11", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:4.1.23", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:4.0.14", "cpe:/a:samba:samba:4.1.7", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:4.0.26", "cpe:/a:samba:samba:4.0.1", "cpe:/a:samba:samba:4.1.22", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:4.2.0", "cpe:/a:samba:samba:3.5.14", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.6.17", "cpe:/a:samba:samba:4.2.7", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.6.20", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.5.20", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.6.8", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:4.0.5", "cpe:/a:samba:samba:4.2.9", "cpe:/a:samba:samba:4.0.13", "cpe:/a:samba:samba:3.4.17", "cpe:/a:samba:samba:4.0.21", "cpe:/a:samba:samba:3.6.6", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:4.1.9", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.6.16", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:4.1.18", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.6.22", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.6.4", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.6.15", "cpe:/a:samba:samba:4.1.16", "cpe:/a:samba:samba:3.6.23", "cpe:/a:samba:samba:3.5.16", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:4.1.14", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:4.3.6", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:4.4.0", "cpe:/a:samba:samba:4.2.1", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:4.3.5", "cpe:/a:samba:samba:4.1.11", "cpe:/a:samba:samba:4.0.20", "cpe:/a:samba:samba:4.1.15", "cpe:/a:samba:samba:4.2.3", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:4.0.0", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:4.3.2", "cpe:/a:samba:samba:3.6.5", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:4.3.0", "cpe:/a:samba:samba:4.0.17", "cpe:/a:samba:samba:4.0.18", "cpe:/a:samba:samba:3.5.18", "cpe:/a:samba:samba:4.1.3", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:4.1.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2112", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-04-12T23:59:00", "title": "CVE-2016-2118", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2118"], "modified": "2019-09-27T17:17:00", "cpe": ["cpe:/a:samba:samba:4.0.6", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:4.0.8", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:4.1.4", "cpe:/a:samba:samba:4.1.8", "cpe:/a:samba:samba:4.2.2", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.5.17", "cpe:/a:samba:samba:4.1.10", "cpe:/a:samba:samba:4.0.19", "cpe:/a:samba:samba:4.1.5", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:4.0.22", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.6.13", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.6.18", "cpe:/a:samba:samba:3.1.0", "cpe:/a:samba:samba:4.0.4", "cpe:/a:samba:samba:4.2.4", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:4.1.13", "cpe:/a:samba:samba:4.1.19", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:4.3.7", "cpe:/a:samba:samba:4.0.15", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.4.16", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:4.1.20", "cpe:/a:samba:samba:4.2.6", "cpe:/a:samba:samba:3.6.19", "cpe:/a:samba:samba:3.6.7", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.6.24", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.6.21", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.5.19", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:4.0.12", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:4.0.3", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:4.2.8", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.5.15", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:4.3.4", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:4.1.17", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:4.1.1", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.3.16", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:samba:samba:4.3.3", "cpe:/a:samba:samba:4.0.24", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:4.0.2", "cpe:/a:samba:samba:4.0.7", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.6.14", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:4.3.1", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:4.0.16", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.21", "cpe:/a:samba:samba:3.6.12", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:4.0.11", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:4.0.9", "cpe:/a:samba:samba:3.6.10", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:4.1.6", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:4.1.12", "cpe:/a:samba:samba:4.1.21", "cpe:/a:samba:samba:3.6.9", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:4.2.5", "cpe:/a:samba:samba:4.0.10", "cpe:/a:samba:samba:4.0.23", "cpe:/a:samba:samba:4.1.0", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.5.22", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.6.11", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:4.0.14", "cpe:/a:samba:samba:4.1.7", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:4.0.1", "cpe:/a:samba:samba:4.1.22", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:4.2.0", "cpe:/a:samba:samba:3.5.14", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.6.17", "cpe:/a:samba:samba:4.2.10", "cpe:/a:samba:samba:4.2.7", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.6.20", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.5.20", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.6.8", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:4.0.5", "cpe:/a:samba:samba:4.2.9", "cpe:/a:samba:samba:4.0.13", "cpe:/a:samba:samba:3.4.17", "cpe:/a:samba:samba:4.0.21", "cpe:/a:samba:samba:3.6.6", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:4.1.9", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.6.16", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:4.4.1", "cpe:/a:samba:samba:4.1.18", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.6.22", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.6.4", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.6.15", "cpe:/a:samba:samba:4.1.16", "cpe:/a:samba:samba:3.6.23", "cpe:/a:samba:samba:3.5.16", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:4.1.14", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:4.3.6", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:4.4.0", "cpe:/a:samba:samba:4.2.1", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:4.3.5", "cpe:/a:samba:samba:4.1.11", "cpe:/a:samba:samba:4.0.20", "cpe:/a:samba:samba:4.1.15", "cpe:/a:samba:samba:4.2.3", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:4.0.0", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:4.3.2", "cpe:/a:samba:samba:3.6.5", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:4.3.0", "cpe:/a:samba:samba:4.0.17", "cpe:/a:samba:samba:4.0.18", "cpe:/a:samba:samba:3.5.18", "cpe:/a:samba:samba:4.1.3", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:4.1.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2118", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2118", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:04", "description": "The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.", "edition": 4, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-25T00:59:00", "title": "CVE-2016-2110", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2110"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:samba:samba:4.0.6", "cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:4.0.8", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:4.1.4", "cpe:/a:samba:samba:4.1.8", "cpe:/a:samba:samba:4.2.2", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.5.17", "cpe:/a:samba:samba:4.1.10", "cpe:/a:samba:samba:4.0.19", "cpe:/a:samba:samba:4.1.5", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:4.0.22", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.6.13", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.3.13", "cpe:/a:samba:samba:3.5.11", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.6.18", "cpe:/a:samba:samba:4.0.4", "cpe:/a:samba:samba:4.2.4", "cpe:/a:samba:samba:3.5.13", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.5.12", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.4.9", "cpe:/a:samba:samba:4.1.13", "cpe:/a:samba:samba:4.1.19", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:4.0.15", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.4.16", "cpe:/a:samba:samba:3.6.25", "cpe:/a:samba:samba:3.4.12", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:4.1.20", "cpe:/a:samba:samba:4.2.6", "cpe:/a:samba:samba:3.6.19", "cpe:/a:samba:samba:3.6.7", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.6.24", "cpe:/a:samba:samba:3.4.14", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.6.21", "cpe:/a:samba:samba:3.4.15", "cpe:/a:samba:samba:3.5.19", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:4.0.12", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:4.0.3", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:4.2.8", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.5.15", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:4.3.4", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:4.1.17", "cpe:/a:samba:samba:3.4.8", "cpe:/a:samba:samba:4.1.1", "cpe:/a:samba:samba:3.4.13", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.3.16", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:samba:samba:4.3.3", "cpe:/a:samba:samba:4.0.24", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:4.0.2", "cpe:/a:samba:samba:4.0.7", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.6.2", "cpe:/a:samba:samba:3.6.14", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:4.3.1", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:4.0.16", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.21", "cpe:/a:samba:samba:3.6.12", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.4.10", "cpe:/a:samba:samba:4.0.11", "cpe:/a:samba:samba:4.0.25", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:4.0.9", "cpe:/a:samba:samba:3.6.10", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:4.1.6", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:4.1.12", "cpe:/a:samba:samba:4.1.21", "cpe:/a:samba:samba:3.6.9", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.6.0", "cpe:/a:samba:samba:4.2.5", "cpe:/a:samba:samba:4.0.10", "cpe:/a:samba:samba:4.0.23", "cpe:/a:samba:samba:4.1.0", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.5.22", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.6.11", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:4.1.23", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:4.0.14", "cpe:/a:samba:samba:4.1.7", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:4.0.26", "cpe:/a:samba:samba:4.0.1", "cpe:/a:samba:samba:4.1.22", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:4.2.0", "cpe:/a:samba:samba:3.5.14", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.6.1", "cpe:/a:samba:samba:3.3.15", "cpe:/a:samba:samba:3.6.17", "cpe:/a:samba:samba:4.2.7", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.6.20", "cpe:/a:samba:samba:3.3.14", "cpe:/a:samba:samba:3.5.20", "cpe:/a:samba:samba:3.6.3", "cpe:/a:samba:samba:3.6.8", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:4.0.5", "cpe:/a:samba:samba:4.2.9", "cpe:/a:samba:samba:4.0.13", "cpe:/a:samba:samba:3.4.17", "cpe:/a:samba:samba:4.0.21", "cpe:/a:samba:samba:3.6.6", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.5.10", "cpe:/a:samba:samba:4.1.9", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.6.16", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:4.1.18", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.6.22", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.6.4", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.6.15", "cpe:/a:samba:samba:4.1.16", "cpe:/a:samba:samba:3.6.23", "cpe:/a:samba:samba:3.5.16", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:4.1.14", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:4.3.6", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:4.4.0", "cpe:/a:samba:samba:4.2.1", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:4.3.5", "cpe:/a:samba:samba:4.1.11", "cpe:/a:samba:samba:4.0.20", "cpe:/a:samba:samba:4.1.15", "cpe:/a:samba:samba:4.2.3", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.4.11", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:4.0.0", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:4.3.2", "cpe:/a:samba:samba:3.6.5", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:4.3.0", "cpe:/a:samba:samba:4.0.17", "cpe:/a:samba:samba:4.0.18", "cpe:/a:samba:samba:3.5.18", "cpe:/a:samba:samba:4.1.3", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31", "cpe:/a:samba:samba:4.1.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2110", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2017-09-08T11:53:57", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0613", "href": "https://access.redhat.com/errata/RHSA-2016:0613", "type": "redhat", "title": "(RHSA-2016:0613) Critical: samba3x security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "modified": "2018-06-06T20:24:25", "published": "2016-04-13T10:54:34", "id": "RHSA-2016:0611", "href": "https://access.redhat.com/errata/RHSA-2016:0611", "type": "redhat", "title": "(RHSA-2016:0611) Critical: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2017-09-08T11:54:29", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0624", "href": "https://access.redhat.com/errata/RHSA-2016:0624", "type": "redhat", "title": "(RHSA-2016:0624) Critical: samba3x security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2016-09-04T02:18:36", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0619", "href": "https://access.redhat.com/errata/RHSA-2016:0619", "type": "redhat", "title": "(RHSA-2016:0619) Critical: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T12:14:57", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0625", "href": "https://access.redhat.com/errata/RHSA-2016:0625", "type": "redhat", "title": "(RHSA-2016:0625) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T12:17:17", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0621", "href": "https://access.redhat.com/errata/RHSA-2016:0621", "type": "redhat", "title": "(RHSA-2016:0621) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T11:54:06", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0623", "href": "https://access.redhat.com/errata/RHSA-2016:0623", "type": "redhat", "title": "(RHSA-2016:0623) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "modified": "2017-03-08T06:50:55", "published": "2016-04-12T23:07:21", "id": "RHSA-2016:0618", "href": "https://access.redhat.com/errata/RHSA-2016:0618", "type": "redhat", "title": "(RHSA-2016:0618) Critical: samba security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nThe following packages have been upgraded to a newer upstream version: Samba\n(4.2.10). Refer to the Release Notes listed in the References section for a\ncomplete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain\nconnections. A man-in-the-middle attacker could use this flaw to spoof a Samba\nserver using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB)\nsigning for clients using the SMB1 protocol. A man-in-the-middle attacker could\nuse this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and\nCVE-2016-2115.\n", "modified": "2016-09-04T02:18:36", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0620", "href": "https://access.redhat.com/errata/RHSA-2016:0620", "type": "redhat", "title": "(RHSA-2016:0620) Critical: samba4 security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Gluster Storage do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "modified": "2018-06-13T01:28:21", "published": "2016-04-13T01:09:54", "id": "RHSA-2016:0614", "href": "https://access.redhat.com/errata/RHSA-2016:0614", "type": "redhat", "title": "(RHSA-2016:0614) Critical: samba security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0611\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033853.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-doc\nsamba-domainjoin-gui\nsamba-glusterfs\nsamba-swat\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-devel\nsamba-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0611.html", "edition": 3, "modified": "2016-04-13T00:14:40", "published": "2016-04-13T00:14:40", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033853.html", "id": "CESA-2016:0611", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:36", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0613\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033859.html\n\n**Affected packages:**\nsamba3x\nsamba3x-client\nsamba3x-common\nsamba3x-doc\nsamba3x-domainjoin-gui\nsamba3x-swat\nsamba3x-winbind\nsamba3x-winbind-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0613.html", "edition": 3, "modified": "2016-04-13T00:27:00", "published": "2016-04-13T00:27:00", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033859.html", "id": "CESA-2016:0613", "title": "samba3x security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2111"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0621\n\n\nSamba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033861.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0621.html", "edition": 3, "modified": "2016-04-13T00:30:21", "published": "2016-04-13T00:30:21", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033861.html", "id": "CESA-2016:0621", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:27:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0612\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033852.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033854.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033855.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033856.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033857.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033858.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033860.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033862.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033863.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033864.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033865.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033866.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033867.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033868.html\n\n**Affected packages:**\nctdb\nctdb-devel\nctdb-tests\nipa\nipa-admintools\nipa-client\nipa-python\nipa-server\nipa-server-dns\nipa-server-selinux\nipa-server-trust-ad\nldb-tools\nlibldb\nlibldb-devel\nlibsmbclient\nlibsmbclient-devel\nlibtalloc\nlibtalloc-devel\nlibtdb\nlibtdb-devel\nlibtevent\nlibtevent-devel\nlibwbclient\nlibwbclient-devel\nopenchange\nopenchange-client\nopenchange-devel\nopenchange-devel-docs\npyldb\npyldb-devel\npytalloc\npytalloc-devel\npython-tdb\npython-tevent\nsamba\nsamba-client\nsamba-client-libs\nsamba-common\nsamba-common-libs\nsamba-common-tools\nsamba-dc\nsamba-dc-libs\nsamba-devel\nsamba-libs\nsamba-pidl\nsamba-python\nsamba-test\nsamba-test-devel\nsamba-test-libs\nsamba-vfs-glusterfs\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-krb5-locator\nsamba-winbind-modules\nsamba4\nsamba4-client\nsamba4-common\nsamba4-dc\nsamba4-dc-libs\nsamba4-devel\nsamba4-libs\nsamba4-pidl\nsamba4-python\nsamba4-test\nsamba4-winbind\nsamba4-winbind-clients\nsamba4-winbind-krb5-locator\ntdb-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0612.html", "edition": 5, "modified": "2016-04-13T03:11:17", "published": "2016-04-13T00:13:42", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033852.html", "id": "CESA-2016:0612", "title": "ctdb, ipa, ldb, libldb, libsmbclient, libtalloc, libtdb, libtevent, libwbclient, openchange, pyldb, pytalloc, python, samba, samba4, tdb security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:42:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint\n function\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n", "edition": 1, "modified": "2016-04-13T20:07:50", "published": "2016-04-13T20:07:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html", "id": "SUSE-SU-2016:1028-1", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:30:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close call.\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel.\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel\n from libsamba-passdb-devel while not providing it.\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - bsc#924519: Upgrade on-disk FSRVP server state to new version.\n - bsc#968973: Only obsolete but do not provide gplv2/3 package names.\n - bso#6482: s3:utils/smbget: Fix recursive download.\n - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a\n filesystem with no ACL support.\n - bso#11643: docs: Add example for domain logins to smbspool man page.\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n - bso#11708: loadparm: Fix memory leak issue.\n - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.\n - bso#11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped\n ...".\n - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when\n creating a new file.\n - bso#11732: param: Fix str_list_v3 to accept ";" again.\n - bso#11740: Real memeory leak(buildup) issue in loadparm.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-04-13T14:07:57", "published": "2016-04-13T14:07:57", "id": "OPENSUSE-SU-2016:1025-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:15:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Samba was updated to the 4.2.x codestream, bringing some new features and\n security fixes (bsc#973832, FATE#320709).\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n Also the following fixes were done:\n - Upgrade on-disk FSRVP server state to new version; (bsc#924519).\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (bsc#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (bsc#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept ";" again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (bsc#972197).\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - Only obsolete but do not provide gplv2/3 package names; (bsc#968973).\n - Enable clustering (CTDB) support; (bsc#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (bsc#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; (bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (bsc#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n\n", "edition": 1, "modified": "2016-04-13T00:08:02", "published": "2016-04-13T00:08:02", "id": "SUSE-SU-2016:1022-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint\n function\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n", "edition": 1, "modified": "2016-04-13T00:11:56", "published": "2016-04-13T00:11:56", "id": "SUSE-SU-2016:1023-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:23:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close call.\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel.\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel\n from libsamba-passdb-devel while not providing it.\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - bsc#924519: Upgrade on-disk FSRVP server state to new version.\n - bsc#968973: Only obsolete but do not provide gplv2/3 package names.\n - bso#6482: s3:utils/smbget: Fix recursive download.\n - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a\n filesystem with no ACL support.\n - bso#11643: docs: Add example for domain logins to smbspool man page.\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n - bso#11708: loadparm: Fix memory leak issue.\n - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.\n - bso#11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped\n ...".\n - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when\n creating a new file.\n - bso#11732: param: Fix str_list_v3 to accept ";" again.\n - bso#11740: Real memeory leak(buildup) issue in loadparm.\n\n", "edition": 1, "modified": "2016-04-13T00:13:24", "published": "2016-04-13T00:13:24", "id": "SUSE-SU-2016:1024-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:29", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages \nintroduced a compatibility issue with NTLM authentication in libsoup. This \nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the \nDCE/RPC implementation. A remote attacker could use this issue to perform \na denial of service, downgrade secure connections by performing a man in \nthe middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the \nNTLMSSP authentication implementation. A remote attacker could use this \nissue to downgrade connections to plain text by performing a man in the \nmiddle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a \nsecure connection to a server with a spoofed computer name. A remote \nattacker could use this issue to obtain sensitive information. \n(CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not \nenforce integrity protection. A remote attacker could use this issue to \nhijack LDAP connections by performing a man in the middle attack. \n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. \nA remote attacker could use this issue to spoof a Samba server. \n(CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if \nconfigured to. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection \nfor IPC traffic. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and \nMS-LSAD protocols. A remote attacker could use this flaw with a man in the \nmiddle attack to impersonate users and obtain sensitive information from \nthe Security Account Manager database. This flaw is known as Badlock. \n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. \nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes. Configuration changes may \nbe required in certain environments.", "edition": 5, "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "USN-2950-2", "href": "https://ubuntu.com/security/notices/USN-2950-2", "title": "libsoup update", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:42:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Jouni Knuutinen discovered that Samba contained multiple flaws in the \nDCE/RPC implementation. A remote attacker could use this issue to perform \na denial of service, downgrade secure connections by performing a man in \nthe middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the \nNTLMSSP authentication implementation. A remote attacker could use this \nissue to downgrade connections to plain text by performing a man in the \nmiddle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a \nsecure connection to a server with a spoofed computer name. A remote \nattacker could use this issue to obtain sensitive information. \n(CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not \nenforce integrity protection. A remote attacker could use this issue to \nhijack LDAP connections by performing a man in the middle attack. \n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. \nA remote attacker could use this issue to spoof a Samba server. \n(CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if \nconfigured to. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection \nfor IPC traffic. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and \nMS-LSAD protocols. A remote attacker could use this flaw with a man in the \nmiddle attack to impersonate users and obtain sensitive information from \nthe Security Account Manager database. This flaw is known as Badlock. \n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. \nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes. Configuration changes may \nbe required in certain environments.", "edition": 5, "modified": "2016-04-18T00:00:00", "published": "2016-04-18T00:00:00", "id": "USN-2950-1", "href": "https://ubuntu.com/security/notices/USN-2950-1", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba \n4.3.8 caused certain regressions and interoperability issues.\n\nThis update resolves some of these issues by updating to Samba 4.3.9 in \nUbuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression \nfixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.\n\nThis advisory was inadvertently published as USN-2950-2 originally.\n\nOriginal advisory details:\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the \nDCE/RPC implementation. A remote attacker could use this issue to perform \na denial of service, downgrade secure connections by performing a man in \nthe middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the \nNTLMSSP authentication implementation. A remote attacker could use this \nissue to downgrade connections to plain text by performing a man in the \nmiddle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a \nsecure connection to a server with a spoofed computer name. A remote \nattacker could use this issue to obtain sensitive information. \n(CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not \nenforce integrity protection. A remote attacker could use this issue to \nhijack LDAP connections by performing a man in the middle attack. \n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. \nA remote attacker could use this issue to spoof a Samba server. \n(CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if \nconfigured to. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection \nfor IPC traffic. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and \nMS-LSAD protocols. A remote attacker could use this flaw with a man in the \nmiddle attack to impersonate users and obtain sensitive information from \nthe Security Account Manager database. This flaw is known as Badlock. \n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. \nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes. Configuration changes may \nbe required in certain environments.", "edition": 5, "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "USN-2950-3", "href": "https://ubuntu.com/security/notices/USN-2950-3", "title": "Samba regressions", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to \nversion 4.3.9, which introduced a regression when using the ntlm_auth tool. \nThis update fixes the problem.\n\nOriginal advisory details:\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the \nDCE/RPC implementation. A remote attacker could use this issue to perform \na denial of service, downgrade secure connections by performing a man in \nthe middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the \nNTLMSSP authentication implementation. A remote attacker could use this \nissue to downgrade connections to plain text by performing a man in the \nmiddle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a \nsecure connection to a server with a spoofed computer name. A remote \nattacker could use this issue to obtain sensitive information. \n(CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not \nenforce integrity protection. A remote attacker could use this issue to \nhijack LDAP connections by performing a man in the middle attack. \n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. \nA remote attacker could use this issue to spoof a Samba server. \n(CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if \nconfigured to. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection \nfor IPC traffic. A remote attacker could use this issue to perform a man in \nthe middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and \nMS-LSAD protocols. A remote attacker could use this flaw with a man in the \nmiddle attack to impersonate users and obtain sensitive information from \nthe Security Account Manager database. This flaw is known as Badlock. \n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. \nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, \nnew features, and possibly incompatible changes. Configuration changes may \nbe required in certain environments.", "edition": 5, "modified": "2016-05-25T00:00:00", "published": "2016-05-25T00:00:00", "id": "USN-2950-5", "href": "https://ubuntu.com/security/notices/USN-2950-5", "title": "Samba regression", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "**Issue Overview:**\n\nMultiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). ([CVE-2015-5370 __](<https://access.redhat.com/security/cve/CVE-2015-5370>))\n\nA protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. ([CVE-2016-2118 __](<https://access.redhat.com/security/cve/CVE-2016-2118>))\n\nSeveral flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. ([CVE-2016-2110 __](<https://access.redhat.com/security/cve/CVE-2016-2110>))\n\nIt was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. ([CVE-2016-2111 __](<https://access.redhat.com/security/cve/CVE-2016-2111>))\n\nIt was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. ([CVE-2016-2112 __](<https://access.redhat.com/security/cve/CVE-2016-2112>))\n\nIt was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. ([CVE-2016-2113 __](<https://access.redhat.com/security/cve/CVE-2016-2113>))\n\nIt was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. ([CVE-2016-2114 __](<https://access.redhat.com/security/cve/CVE-2016-2114>))\n\nIt was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. ([CVE-2016-2115 __](<https://access.redhat.com/security/cve/CVE-2016-2115>)) \n\n\n \n**Affected Packages:** \n\n\nsamba\n\n \n**Issue Correction:** \nRun _yum update samba_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n ctdb-tests-4.2.10-6.33.amzn1.i686 \n libsmbclient-devel-4.2.10-6.33.amzn1.i686 \n samba-common-tools-4.2.10-6.33.amzn1.i686 \n samba-client-4.2.10-6.33.amzn1.i686 \n samba-winbind-4.2.10-6.33.amzn1.i686 \n ctdb-devel-4.2.10-6.33.amzn1.i686 \n samba-winbind-krb5-locator-4.2.10-6.33.amzn1.i686 \n libsmbclient-4.2.10-6.33.amzn1.i686 \n samba-4.2.10-6.33.amzn1.i686 \n samba-client-libs-4.2.10-6.33.amzn1.i686 \n samba-libs-4.2.10-6.33.amzn1.i686 \n samba-common-libs-4.2.10-6.33.amzn1.i686 \n samba-devel-4.2.10-6.33.amzn1.i686 \n samba-test-devel-4.2.10-6.33.amzn1.i686 \n samba-winbind-modules-4.2.10-6.33.amzn1.i686 \n samba-test-libs-4.2.10-6.33.amzn1.i686 \n samba-debuginfo-4.2.10-6.33.amzn1.i686 \n samba-python-4.2.10-6.33.amzn1.i686 \n ctdb-4.2.10-6.33.amzn1.i686 \n libwbclient-devel-4.2.10-6.33.amzn1.i686 \n samba-winbind-clients-4.2.10-6.33.amzn1.i686 \n libwbclient-4.2.10-6.33.amzn1.i686 \n samba-test-4.2.10-6.33.amzn1.i686 \n \n noarch: \n samba-pidl-4.2.10-6.33.amzn1.noarch \n samba-common-4.2.10-6.33.amzn1.noarch \n \n src: \n samba-4.2.10-6.33.amzn1.src \n \n x86_64: \n libwbclient-4.2.10-6.33.amzn1.x86_64 \n samba-test-devel-4.2.10-6.33.amzn1.x86_64 \n samba-client-4.2.10-6.33.amzn1.x86_64 \n samba-test-libs-4.2.10-6.33.amzn1.x86_64 \n libwbclient-devel-4.2.10-6.33.amzn1.x86_64 \n samba-4.2.10-6.33.amzn1.x86_64 \n ctdb-4.2.10-6.33.amzn1.x86_64 \n samba-winbind-krb5-locator-4.2.10-6.33.amzn1.x86_64 \n samba-common-libs-4.2.10-6.33.amzn1.x86_64 \n ctdb-devel-4.2.10-6.33.amzn1.x86_64 \n libsmbclient-devel-4.2.10-6.33.amzn1.x86_64 \n samba-python-4.2.10-6.33.amzn1.x86_64 \n samba-client-libs-4.2.10-6.33.amzn1.x86_64 \n samba-winbind-modules-4.2.10-6.33.amzn1.x86_64 \n samba-libs-4.2.10-6.33.amzn1.x86_64 \n samba-devel-4.2.10-6.33.amzn1.x86_64 \n samba-winbind-clients-4.2.10-6.33.amzn1.x86_64 \n libsmbclient-4.2.10-6.33.amzn1.x86_64 \n samba-winbind-4.2.10-6.33.amzn1.x86_64 \n samba-common-tools-4.2.10-6.33.amzn1.x86_64 \n samba-debuginfo-4.2.10-6.33.amzn1.x86_64 \n ctdb-tests-4.2.10-6.33.amzn1.x86_64 \n samba-test-4.2.10-6.33.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-04-13T11:45:00", "published": "2016-04-13T11:45:00", "id": "ALAS-2016-686", "href": "https://alas.aws.amazon.com/ALAS-2016-686.html", "title": "Critical: samba", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "modified": "2016-04-14T04:23:49", "published": "2016-04-14T04:23:49", "id": "FEDORA:CCDF16182D6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: samba-4.2.11-0.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "modified": "2016-04-13T20:24:23", "published": "2016-04-13T20:24:23", "id": "FEDORA:C6F7761DDFC6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: samba-4.3.8-0.fc23", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "modified": "2016-04-15T03:20:46", "published": "2016-04-15T03:20:46", "id": "FEDORA:7C2A861B8E9D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: samba-4.4.2-1.fc24", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "- CVE-2015-5370 (arbitrary code execution)\n\nMultiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial\nof service against the Samba server (high CPU load or a crash) or,\npossibly, execute arbitrary code with the permissions of the user\nrunning Samba (root). This flaw could also be used to downgrade a secure\nDCE/RPC connection by a man-in-the-middle attacker taking control of an\nActive Directory (AD) object and compromising the security of a Samba\nActive Directory Domain Controller (DC).\n\n- CVE-2016-2110 (man-in-the-middle)\n\nSeveral flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also\nforce the client or server into sending data in plain text even if\nencryption was explicitly requested for that connection.\n\n- CVE-2016-2111 (information disclosure)\n\nAn authentication flaw was found in Samba. When Samba is configured to\nact as a Domain Controller, it allows remote attackers to spoof the\ncomputer name of a secure channel's endpoints. The attacker could\nexploit this flaw to obtain sensitive session information by running a\ncrafted application and leveraging the ability to sniff network traffic.\n\n- CVE-2016-2112 (man-in-the-middle)\n\nIt was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections.\n\n- CVE-2016-2113 (man-in-the-middle)\n\nIt was found that while having a support for TLS/SSL for some protocols\nlike ldap and http, certificates are not validated at all. When having a\n"tls cafile" option, configured certificate is not used to validate the\nserver certificate.\n\n- CVE-2016-2114 (man-in-the-middle)\n\nIt was found that Samba based active directory domain controller does\nnot enforce smb signing and opens possibility for man-in-the-middle attacks.\nWhen Samba is configured as a Domain Controller, the default for the\n"server signing" should be "mandatory". During the early development of\nSamba 4 a new experimental file server located under source4/smb_server\nwas used. But before the final 4.0.0 release upstream switched back to\nthe file server under source3/smbd. But the logic for the correct\ndefault of "server signing" was not ported.\n\n- CVE-2016-2115 (man-in-the-middle)\n\nIt was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n\n- CVE-2016-2118 (man-in-the-middle)\n\nIt was reported that various samba versions are vulnerable to man in the\nmiddle attack where attacker can intercept any DCERPC traffic between a\nclient and a server in order to impersonate the client and get the same\nprivileges as the authenticated user account. This is most problematic\nagainst active directory domain controllers.", "modified": "2016-04-23T00:00:00", "published": "2016-04-23T00:00:00", "id": "ASA-201604-13", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html", "type": "archlinux", "title": "samba: multiple issues", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "software", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Samba and Windows Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nSamba, Microsoft Windows\n\n# Versions Affected\n\n * The following versions of Samba are affected: 3.6.x, 4.0.x, 4.1.x, 4.2.0-4.2.9, 4.3.0-4.3.6, and 4.4.0. \n * The affected Microsoft Windows versions can be viewed here: <https://technet.microsoft.com/library/security/MS16-047>. \n\n# Description\n\nThere are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic include viewing or modifying certain types of private data on Samba servers. Additionally, Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service.\n\n# Affected Products and Versions\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades. \n\n# Credit\n\nStefan Metzmacher\n\n# References\n\n * <http://badlock.org/>\n * <https://www.samba.org/samba/security/CVE-2016-2118.html>\n * <https://technet.microsoft.com/library/security/MS16-047>\n * <https://www.samba.org/samba/security/CVE-2015-5370.html>\n * <https://www.samba.org/samba/security/CVE-2016-2110.html>\n * <https://www.samba.org/samba/security/CVE-2016-2111.html>\n * <https://www.samba.org/samba/security/CVE-2016-2112.html>\n * <https://www.samba.org/samba/security/CVE-2016-2113.html>\n * <https://www.samba.org/samba/security/CVE-2016-2114.html>\n * <https://www.samba.org/samba/security/CVE-2016-2115.html>\n", "edition": 5, "modified": "2016-04-14T00:00:00", "published": "2016-04-14T00:00:00", "id": "CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D", "href": "https://www.cloudfoundry.org/blog/samba-and-windows-vulnerabilities/", "title": "Samba and Windows Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2114", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "\nSamba team reports:\n\n[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service\n\t (crashes and high cpu consumption) and man in the middle attacks.\n[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected.\n\t A man in the middle is able to clear even required flags, especially\n\t NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.\n[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote\n\t attackers to spoof the computer name of a secure channel's endpoints, and obtain\n\t sensitive session information, by running a crafted application and leveraging\n\t the ability to sniff network traffic.\n[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections\n\t to no integrity protection.\n[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP\n\t connections (with ldaps://) and ncacn_http connections (with https://).\n[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.\n[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is\n\t the default for most the file server related protocols) is inherited from the underlying SMB connection.\n[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic\n\t between a client and a server in order to impersonate the client and get the same privileges\n\t as the authenticated user account. This is most problematic against active directory domain controllers.\n\n", "edition": 4, "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "A636FC26-00D9-11E6-B704-000C292E4FD8", "href": "https://vuxml.freebsd.org/freebsd/a636fc26-00d9-11e6-b704-000c292e4fd8.html", "title": "samba -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}