Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-951-1.NASL
HistoryJun 17, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 : samba vulnerability (USN-951-1)

2010-06-1700:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-951-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(47035);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-2063");
  script_xref(name:"USN", value:"951-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 : samba vulnerability (USN-951-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jun Mao discovered that Samba did not correctly validate SMB1 packet
contents. An unauthenticated remote attacker could send specially
crafted network traffic that could execute arbitrary code as the root
user.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/951-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba chain_reply Memory Corruption (Linux x86)');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libpam-smbpass", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient-dev", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"python2.4-samba", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-common", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-dbg", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc-pdf", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbclient", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbfs", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"swat", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"winbind", pkgver:"3.0.22-1ubuntu3.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpam-smbpass", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient-dev", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-common", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-dbg", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc-pdf", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbclient", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbfs", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"swat", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"winbind", pkgver:"3.0.28a-1ubuntu4.12")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpam-smbpass", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient-dev", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libwbclient0", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba", pkgver:"2:3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-common", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-dbg", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc-pdf", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-tools", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbclient", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbfs", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"swat", pkgver:"3.3.2-1ubuntu3.5")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"winbind", pkgver:"3.3.2-1ubuntu3.5")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpam-smbpass / libsmbclient / libsmbclient-dev / libwbclient0 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibpam-smbpassp-cpe:/a:canonical:ubuntu_linux:libpam-smbpass
canonicalubuntu_linuxlibsmbclientp-cpe:/a:canonical:ubuntu_linux:libsmbclient
canonicalubuntu_linuxlibsmbclient-devp-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev
canonicalubuntu_linuxlibwbclient0p-cpe:/a:canonical:ubuntu_linux:libwbclient0
canonicalubuntu_linuxpython2.4-sambap-cpe:/a:canonical:ubuntu_linux:python2.4-samba
canonicalubuntu_linuxsambap-cpe:/a:canonical:ubuntu_linux:samba
canonicalubuntu_linuxsamba-commonp-cpe:/a:canonical:ubuntu_linux:samba-common
canonicalubuntu_linuxsamba-dbgp-cpe:/a:canonical:ubuntu_linux:samba-dbg
canonicalubuntu_linuxsamba-docp-cpe:/a:canonical:ubuntu_linux:samba-doc
canonicalubuntu_linuxsamba-doc-pdfp-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf
Rows per page:
1-10 of 181

Related

nessus 18
veracode 1
osv 1
debian 1
securityvulns 2
openvas 25
slackware 1
seebug 2
f5 2
cve 1
redhat 1
ubuntu 1
debiancve 1
prion 1
altlinux 1
packetstorm 1
oraclelinux 1
centos 1
checkpoint_advisories 1
ubuntucve 1
samba 1
suse 2
vmware 2
gentoo 1
nessus
nessus
Mandriva Linux Security Advisory : samba (MDVSA-2010:119)
2010-06-18 00:00:00
Scientific Linux Security Update : samba and samba3x on SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 3 / 4 / 5 : samba / samba3x (ELSA-2010-0488)
2013-07-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:16
osv
osv
samba - arbitrary code execution
2010-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2061-1] New samba packages fix arbitrary code execution
2010-06-16 20:41:13
securityvulns
securityvulns
iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability
2010-06-20 00:00:00
Samba buffer overflow
2010-06-20 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2010-0488)
2015-10-06 00:00:00
Mandriva Update for samba MDVSA-2010:119 (samba)
2010-06-18 00:00:00
CentOS Update for libtalloc CESA-2010:0488 centos5 i386
2011-08-09 00:00:00
slackware
slackware
[slackware-security] samba
2010-06-18 21:10:09
seebug
seebug
Samba SMB1ๆŠฅๆ–‡้“พๆŽฅ่ฟœ็จ‹ๅ†…ๅญ˜็ ดๅๆผๆดž
2010-06-18 00:00:00
VMware ESX Service Consoleๅคšไธชๅฎ‰ๅ…จๆผๆดž
2012-01-13 00:00:00
f5
f5
K11720 : Samba server vulnerability CVE-2010-2063
2013-07-05 00:00:00
SOL11720 - Samba server vulnerability CVE-2010-2063
2010-06-21 00:00:00
cve
cve
CVE-2010-2063
2010-06-17 16:30:00
redhat
redhat
(RHSA-2010:0488) Critical: samba and samba3x security update
2010-06-16 00:00:00
ubuntu
ubuntu
Samba vulnerability
2010-06-16 00:00:00
debiancve
debiancve
CVE-2010-2063
2010-06-17 16:30:00
prion
prion
Buffer overflow
2010-06-17 16:30:00
altlinux
altlinux
Security fix for the ALT Linux 5 package samba version 3.0.37-alt2.M50P.1
2010-06-16 00:00:00
packetstorm
packetstorm
Samba chain_reply Memory Corruption (Linux x86)
2010-07-17 00:00:00
oraclelinux
oraclelinux
samba and samba3x security update
2010-06-16 00:00:00
centos
centos
libsmbclient, libtalloc, libtdb, samba, samba3x, tdb security update
2010-06-19 11:45:05
checkpoint_advisories
checkpoint_advisories
Update Protection against SAMBA SMBI Packets Chaining Memory Corruption
2010-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2010-2063
2010-06-16 00:00:00
samba
samba
Memory Corruption Vulnerability
2010-06-16 00:00:00
suse
suse
potential remote code execution in samba
2010-07-01 11:11:15
Security update for Samba (critical)
2012-03-09 17:08:16
vmware
vmware
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2012-06-24 00:00:00
JSON
Related for UBUNTU_USN-951-1.NASL
nessus18veracode1osv1debian1securityvulns2openvas25slackware1seebug2f52cve1redhat1ubuntu1debiancve1prion1altlinux1packetstorm1oraclelinux1centos1checkpoint_advisories1ubuntucve1samba1suse2vmware2gentoo1