Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-918-1.NASL
HistoryMar 25, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : samba vulnerability (USN-918-1)

2010-03-2500:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

It was discovered the Samba handled symlinks in an unexpected way when both ‘wide links’ and ‘UNIX extensions’ were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-918-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(45343);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-0926");
  script_bugtraq_id(38111);
  script_xref(name:"USN", value:"918-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : samba vulnerability (USN-918-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered the Samba handled symlinks in an unexpected way when
both 'wide links' and 'UNIX extensions' were enabled, which is the
default. A remote attacker could create symlinks and access arbitrary
files from the server.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/918-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libpam-smbpass", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient-dev", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"python2.4-samba", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-common", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-dbg", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc-pdf", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbclient", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbfs", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"swat", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"winbind", pkgver:"3.0.22-1ubuntu3.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpam-smbpass", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient-dev", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-common", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-dbg", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc-pdf", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbclient", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbfs", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"swat", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"winbind", pkgver:"3.0.28a-1ubuntu4.11")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libpam-smbpass", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsmbclient", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsmbclient-dev", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libwbclient0", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba", pkgver:"2:3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-common", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-dbg", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-doc", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-doc-pdf", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-tools", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"smbclient", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"smbfs", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"swat", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"winbind", pkgver:"3.2.3-1ubuntu3.8")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpam-smbpass", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient-dev", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libwbclient0", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba", pkgver:"2:3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-common", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-dbg", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc-pdf", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-tools", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbclient", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbfs", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"swat", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"winbind", pkgver:"3.3.2-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpam-smbpass", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libsmbclient", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libsmbclient-dev", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libwbclient0", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba", pkgver:"2:3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-common", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-common-bin", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-dbg", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-doc", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-doc-pdf", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-tools", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"smbclient", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"smbfs", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"swat", pkgver:"3.4.0-3ubuntu5.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"winbind", pkgver:"3.4.0-3ubuntu5.6")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpam-smbpass / libsmbclient / libsmbclient-dev / libwbclient0 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpam-smbpassp-cpe:/a:canonical:ubuntu_linux:libpam-smbpass
canonicalubuntu_linuxlibsmbclientp-cpe:/a:canonical:ubuntu_linux:libsmbclient
canonicalubuntu_linuxlibsmbclient-devp-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev
canonicalubuntu_linuxlibwbclient0p-cpe:/a:canonical:ubuntu_linux:libwbclient0
canonicalubuntu_linuxpython2.4-sambap-cpe:/a:canonical:ubuntu_linux:python2.4-samba
canonicalubuntu_linuxsambap-cpe:/a:canonical:ubuntu_linux:samba
canonicalubuntu_linuxsamba-commonp-cpe:/a:canonical:ubuntu_linux:samba-common
canonicalubuntu_linuxsamba-common-binp-cpe:/a:canonical:ubuntu_linux:samba-common-bin
canonicalubuntu_linuxsamba-dbgp-cpe:/a:canonical:ubuntu_linux:samba-dbg
canonicalubuntu_linuxsamba-docp-cpe:/a:canonical:ubuntu_linux:samba-doc
Rows per page:
1-10 of 211

Related

openvas 6
veracode 1
nessus 10
exploitpack 1
securityvulns 1
redhat 1
ubuntucve 1
ubuntu 1
cve 2
debiancve 1
prion 2
samba 1
exploitdb 1
seebug 1
oraclelinux 1
openvas
openvas
Ubuntu Update for samba vulnerability USN-918-1
2010-03-31 00:00:00
Ubuntu: Security Advisory (USN-918-1)
2010-03-31 00:00:00
Samba Symlink Directory Traversal Vulnerability
2010-02-08 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 01:11:30
nessus
nessus
Oracle Linux 5 : samba (ELSA-2012-0313)
2013-07-12 00:00:00
Samba Symlink Traversal Arbitrary File Access (unsafe check)
2010-02-08 00:00:00
RHEL 5 : samba (RHSA-2012:0313)
2012-02-21 00:00:00
exploitpack
exploitpack
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
2017-03-27 00:00:00
securityvulns
securityvulns
Samba directory traversal
2010-02-06 00:00:00
redhat
redhat
(RHSA-2012:0313) Low: samba security, bug fix, and enhancement update
2012-02-21 00:00:00
ubuntucve
ubuntucve
CVE-2010-0926
2010-03-10 00:00:00
ubuntu
ubuntu
Samba vulnerability
2010-03-24 00:00:00
cve
cve
CVE-2010-0926
2010-03-10 20:13:00
CVE-2010-1381
2010-06-17 16:30:00
debiancve
debiancve
CVE-2010-0926
2010-03-10 20:13:00
prion
prion
Directory traversal
2010-03-10 20:13:00
Default configuration
2010-06-17 16:30:00
samba
samba
Change parameter "wide links" to default to "no";
2010-02-02 00:00:00
exploitdb
exploitdb
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
2017-03-27 00:00:00
seebug
seebug
Samba: symlink race permits opening files outside share directory (CVE-2017-2619)
2017-03-28 00:00:00
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2012-03-01 00:00:00
JSON
Related for UBUNTU_USN-918-1.NASL
openvas6veracode1nessus10exploitpack1securityvulns1redhat1ubuntucve1ubuntu1cve2debiancve1prion2samba1exploitdb1seebug1oraclelinux1