Scientific Linux Security Update : samba4 on SL6.x i386/x86_64

2017-11-30T00:00:00
ID SL_20171129_SAMBA4_ON_SL6_X.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-01-02T00:00:00

Description

Security Fix(es) :

  • A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)

  • A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially crafted requests to the samba server. (CVE-2017-15275)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

# Metadata registration: when the engine loads the plugin with `description`
# set, only the script_* calls below run and the block ends with exit(0), so
# none of the package checks further down execute in this pass.
if (description)
{
  script_id(104868);
  script_version("3.8");
  script_cvs_date("Date: 2018/12/27 10:05:37");

  # Both CVEs are addressed by the same samba4 erratum; the description text
  # below attributes the use-after-free to CVE-2017-14746 and the memory
  # disclosure to CVE-2017-15275.
  script_cve_id("CVE-2017-14746", "CVE-2017-15275");

  script_name(english:"Scientific Linux Security Update : samba4 on SL6.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  # The line breaks inside this string are part of the attribute value.
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - A use-after-free flaw was found in the way samba servers
    handled certain SMB1 requests. An unauthenticated
    attacker could send specially crafted SMB1 requests to
    cause the server to crash or execute arbitrary code.
    (CVE-2017-14746)

  - A memory disclosure flaw was found in samba. An attacker
    could retrieve parts of server memory, which could
    contain potentially sensitive data, by sending specially
    crafted requests to the samba server. (CVE-2017-15275)"
  );
  # NOTE(review): the shortened see_also link presumably resolves to the
  # errata mailing-list post below - confirm before relying on it.
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1711&L=scientific-linux-errata&F=&S=&P=7740
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5a5f0fb3"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 vector: network attack vector, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v3.0 vector: network attack vector, low complexity, no privileges,
  # no user interaction, unchanged scope, high impact on C/I/A. One vector is
  # recorded for the plugin although it covers two CVEs; it matches the
  # unauthenticated code-execution flaw rather than the disclosure flaw.
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  # "local": the verdict comes from package data already collected from the
  # host (see the required KB keys below), not from probing the SMB service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  # ssh_get_info.nasl is presumably what populates the Host/* KB items listed
  # next (it is not shown here); without a credentialed scan those keys are
  # absent and this plugin produces no finding for the host.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions for a local package check. Each failed precondition is handed
# to audit() with the matching AUDIT_* reason instead of reporting a finding.

# Credentialed (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and identify the host as Scientific Linux.
release = get_kb_item("Host/RedHat/release");
if (isnull(release))
{
  audit(AUDIT_HOST_NOT, "running Scientific Linux");
}
else if ("Scientific Linux " >!< release)
{
  audit(AUDIT_HOST_NOT, "running Scientific Linux");
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Only x86_64 and i386..i686 are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
# NOTE(review): the operands are in the opposite order to the release test
# above - this asks whether cpu is NOT contained in "x86_64", so any value
# that is a substring of "x86_64" would also pass. Confirm this is intended.
if (cpu >!< "x86_64")
{
  if (cpu !~ "^i[3-6]86$")
  {
    audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
  }
}


# Compare every samba4 sub-package named by the erratum against the fixed
# build 4.2.10-12.el6_9 on SL6. rpm_check() comes from rpm.inc (not shown);
# presumably it returns true when the installed package is older than the
# reference and records the details that rpm_report_get() later returns.
#
# NOTE(review): this is a package-version comparison only. It does not show
# whether the Samba daemons were restarted after the update or whether SMB1
# is enabled, so a clean result means "fixed packages installed", nothing more.
flag = 0;

fixed_pkgs = make_list(
  "samba4-4.2.10-12.el6_9",
  "samba4-client-4.2.10-12.el6_9",
  "samba4-common-4.2.10-12.el6_9",
  "samba4-dc-4.2.10-12.el6_9",
  "samba4-dc-libs-4.2.10-12.el6_9",
  "samba4-debuginfo-4.2.10-12.el6_9",
  "samba4-devel-4.2.10-12.el6_9",
  "samba4-libs-4.2.10-12.el6_9",
  "samba4-pidl-4.2.10-12.el6_9",
  "samba4-python-4.2.10-12.el6_9",
  "samba4-test-4.2.10-12.el6_9",
  "samba4-winbind-4.2.10-12.el6_9",
  "samba4-winbind-clients-4.2.10-12.el6_9",
  "samba4-winbind-krb5-locator-4.2.10-12.el6_9"
);

# flag counts how many of the listed packages rpm_check() flagged.
foreach fixed_pkg (fixed_pkgs)
{
  if (rpm_check(release:"SL6", reference:fixed_pkg)) flag++;
}

# Final verdict: no flagged package means the host is audited as not
# affected; otherwise a finding is raised against port 0 (not tied to a
# specific listening service).
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
  {
    # Verbose reports attach the per-package details gathered by rpm_check().
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}