Lucene search
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20180619_SAMBA4_ON_SL6_X.NASLHistoryJul 03, 2018 - 12:00 a.m.
Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20180619)
2018-07-0300:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
CVSS2
3.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
4.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.9
Confidence
Low
EPSS
0.024
Percentile
90.1%
Security Fix(es) :
- samba: NULL pointer indirection in printer server process (CVE-2018-1050)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('compat.inc');
if (description)
{
script_id(110890);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");
script_cve_id("CVE-2018-1050");
script_name(english:"Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20180619)");
script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Security Fix(es) :
- samba: NULL pointer indirection in printer server
process (CVE-2018-1050)");
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=390
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59aac2b0");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1050");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-dc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-dc-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-pidl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-krb5-locator");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Scientific Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"samba4-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-client-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-common-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-dc-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-dc-libs-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-debuginfo-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-devel-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-libs-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-pidl-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-python-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-test-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-winbind-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-winbind-clients-4.2.10-15.el6")) flag++;
if (rpm_check(release:"SL6", reference:"samba4-winbind-krb5-locator-4.2.10-15.el6")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc");
}
Related
openvas
openvas
Debian: Security Advisory (DLA-1320-1)
2018-03-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0774-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3595-2)
2022-08-26 00:00:00
ibm
ibm
Security Bulletin: Public disclosed vulnerability from Samba affect IBM Netezza Host Management
2019-10-18 03:36:34
Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050)
2018-10-17 12:20:01
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
f5
f5
K01494912 : Samba vulnerability CVE-2018-1050
2020-12-17 00:00:00
nessus
nessus
CentOS 6 : samba (CESA-2018:1860)
2018-06-22 00:00:00
openSUSE Security Update : samba / talloc / tevent (openSUSE-2018-300)
2018-03-27 00:00:00
RHEL 6 : samba4 (RHSA-2018:1883)
2018-06-19 00:00:00
cve
cve
CVE-2018-1050
2018-03-13 16:29:00
oraclelinux
oraclelinux
samba4 security and bug fix update
2018-06-25 00:00:00
samba security, bug fix, and enhancement update
2018-11-05 00:00:00
samba security and bug fix update
2018-06-25 00:00:00
ubuntu
ubuntu
Samba vulnerability
2018-03-23 00:00:00
Samba vulnerabilities
2018-03-13 00:00:00
prion
prion
Design/Logic Flaw
2018-03-13 16:29:00
cbl_mariner
cbl_mariner
CVE-2018-1050 affecting package samba for versions less than 4.12.5-6
2024-04-30 02:42:18
osv
osv
samba - security update
2018-03-27 00:00:00
CVE-2018-1050
2018-03-13 16:29:00
samba - security update
2018-03-13 00:00:00
redhat
redhat
(RHSA-2018:1860) Low: samba security and bug fix update
2018-06-19 02:11:16
(RHSA-2018:1883) Low: samba4 security and bug fix update
2018-06-19 02:11:50
(RHSA-2018:2613) Moderate: samba security, bug fix and enhancement update
2018-09-04 06:19:22
ubuntucve
ubuntucve
CVE-2018-1050
2018-03-13 00:00:00
debiancve
debiancve
CVE-2018-1050
2018-03-13 16:29:00
nvd
nvd
CVE-2018-1050
2018-03-13 16:29:00
checkpoint_advisories
checkpoint_advisories
Samba Printer Server spoolss Denial Of Service (CVE-2018-1050)
2018-06-03 00:00:00
centos
centos
libsmbclient, samba security update
2018-06-21 11:56:04
samba4 security update
2018-06-21 11:56:05
ctdb, libsmbclient, libwbclient, samba security update
2018-12-14 16:36:48
debian
debian
[SECURITY] [DLA 1320-1] samba security update
2018-03-27 22:36:20
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
samba
samba
Denial of Service Attack on external print server.
2018-03-13 00:00:00
redhatcve
redhatcve
CVE-2018-1050
2019-10-09 10:03:19
alpinelinux
alpinelinux
CVE-2018-1050
2018-03-13 16:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:30
cvelist
cvelist
CVE-2018-1050
2018-03-13 16:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: samba-4.6.14-0.fc26
2018-03-20 17:38:39
[SECURITY] Fedora 27 Update: libldb-1.3.2-1.fc27
2018-03-14 19:40:43
[SECURITY] Fedora 27 Update: samba-4.7.6-0.fc27
2018-03-14 19:40:44
altlinux
altlinux
Security fix for the ALT Linux 8 package samba-DC version 4.6.14-alt1
2018-03-12 00:00:00
Security fix for the ALT Linux 8 package samba version 4.6.14-alt1
2018-03-12 00:00:00
Security fix for the ALT Linux 10 package samba version 4.6.14-alt1.S1.1
2018-03-15 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2018-01-03 00:00:00
threatpost
threatpost
Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 12:56:17
cisa
cisa
Samba Releases Security Updates
2018-03-13 00:00:00
thn
thn
mageia
mageia
Updated samba packages fix security vulnerabilities
2018-04-13 23:08:48
archlinux
archlinux
[ASA-201803-10] samba: multiple issues
2018-03-13 00:00:00
amazon
amazon
Medium: samba
2019-01-22 17:55:00
Medium: samba
2018-12-13 20:13:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2018-05-22 00:00:00
CVSS2
3.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
4.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.9
Confidence
Low
EPSS
0.024
Percentile
90.1%
Related for SL_20180619_SAMBA4_ON_SL6_X.NASL