ID OPENVAS:136141256231066161 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates to samba announced in
advisory CESA-2009:1529.
#CESA-2009:1529 66161 4
# $Id: ovcesa2009_1529.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory CESA-2009:1529 (samba)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "For details on the issues addressed in this update,
please visit the referenced security advisories.";
tag_solution = "Update the appropriate packages on your system.
http://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1529
http://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1529
https://rhn.redhat.com/errata/RHSA-2009-1529.html";
tag_summary = "The remote host is missing updates to samba announced in
advisory CESA-2009:1529.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.66161");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)");
script_cve_id("CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_name("CentOS Security Advisory CESA-2009:1529 (samba)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~0.18.el4_8", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~0.18.el4_8", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~0.18.el4_8", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~0.18.el4_8", rls:"CentOS4")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.15.el5_4", rls:"CentOS5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.15.el5_4", rls:"CentOS5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.15.el5_4", rls:"CentOS5")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.15.el5_4", rls:"CentOS5")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231066161", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Security Advisory CESA-2009:1529 (samba)", "description": "The remote host is missing updates to samba announced in\nadvisory CESA-2009:1529.", "published": "2009-11-11T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066161", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "lastseen": "2018-04-06T11:38:24", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-04-06T11:38:24", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2009-1529.NASL", "UBUNTU_USN-839-1.NASL", "MANDRIVA_MDVSA-2009-320.NASL", "VMWARE_VMSA-2010-0006_REMOTE.NASL", "REDHAT-RHSA-2009-1585.NASL", "REDHAT-RHSA-2009-1529.NASL", "SL_20091027_SAMBA_ON_SL3_X.NASL", "CENTOS_RHSA-2009-1529.NASL", "VMWARE_VMSA-2010-0006.NASL", "SUSE_11_0_CIFS-MOUNT-090930.NASL"]}, {"type": "centos", "idList": ["CESA-2009:1529", "CESA-2009:1528"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066405", "OPENVAS:66243", "OPENVAS:66161", "OPENVAS:880727", "OPENVAS:136141256231066119", "OPENVAS:1361412562310880722", "OPENVAS:65011", "OPENVAS:880722", "OPENVAS:66405", "OPENVAS:1361412562310880727"]}, {"type": "vmware", "idList": ["VMSA-2010-0006"]}, {"type": "ubuntu", "idList": ["USN-839-1"]}, {"type": "redhat", "idList": ["RHSA-2009:1528", "RHSA-2009:1529", "RHSA-2009:1585"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1529"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22637", "SECURITYVULNS:VULN:10322"]}, {"type": "slackware", "idList": ["SSA-2009-276-01"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1908-1:D4D84"]}, {"type": "seebug", "idList": ["SSV:12451", "SSV:12452", "SSV:12453"]}, {"type": "samba", "idList": ["SAMBA:CVE-2009-2813", "SAMBA:CVE-2009-2906", "SAMBA:CVE-2009-1888", "SAMBA:CVE-2009-2948"]}], "modified": "2018-04-06T11:38:24", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "136141256231066161", "sourceData": "#CESA-2009:1529 66161 4\n# $Id: ovcesa2009_1529.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1529 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1529\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1529\nhttps://rhn.redhat.com/errata/RHSA-2009-1529.html\";\ntag_summary = \"The remote host is missing updates to samba announced in\nadvisory CESA-2009:1529.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66161\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1529 (samba)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:54:16", "description": "smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.", "edition": 3, "cvss3": {}, "published": "2009-10-07T18:30:00", "title": "CVE-2009-2906", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2906"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.4", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.3", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.2", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.28a", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.0.31"], "id": "CVE-2009-2906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2906", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:16", "description": "mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.", "edition": 3, "cvss3": {}, "published": "2009-10-07T18:30:00", "title": "CVE-2009-2948", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2948"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.4", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.3", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.2", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.28a", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.0.31"], "id": "CVE-2009-2948", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2948", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:19", "description": "The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.", "edition": 5, "cvss3": {}, "published": "2009-06-25T01:30:00", "title": "CVE-2009-1888", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1888"], "modified": "2018-11-08T20:37:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "CVE-2009-1888", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1888", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-10-03T11:54:16", "description": "Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.", "edition": 3, "cvss3": {}, "published": "2009-09-14T16:30:00", "title": "CVE-2009-2813", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2813"], "modified": "2018-10-10T19:42:00", "cpe": ["cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/o:apple:mac_os_x_server:10.5.8", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.4", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.3", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.27a", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.2", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.28a", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/o:fedoraproject:fedora:11", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.0.31", "cpe:/o:apple:mac_os_x:10.5.8"], "id": "CVE-2009-2813", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2813", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-27T10:56:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1585.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information. These samba3x packages provide Samba 3.3, which is a\nTechnology Preview for Red Hat Enterprise Linux 5. These packages cannot be\ninstalled in parallel with the samba packages. Note: Technology Previews\nare not intended for production use.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba3x packages distributed by Red Hat does not have the setuid\nbit set. This flaw only affected systems where the setuid bit was manually\nset by an administrator. (CVE-2009-2948)\n\nThese packages upgrade Samba from version 3.3.5 to version 3.3.8. Refer to\nthe Samba Release Notes for a list of changes between versions:\n\nUsers of samba3x should upgrade to these updated packages, which resolve\nthese issues. After installing this update, the smb service will be\nrestarted automatically.", "modified": "2017-07-12T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:66243", "href": "http://plugins.openvas.org/nasl.php?oid=66243", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1585", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1585.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1585 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\n\nhttp://rhn.redhat.com/errata/RHSA-2009-1585.html\nhttp://www.redhat.com/security/updates/classification/#moderate\nhttp://www.redhat.com/support/policy/soc/production/preview_scope/\nhttp://samba.org/samba/history/\";\n\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1585.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information. These samba3x packages provide Samba 3.3, which is a\nTechnology Preview for Red Hat Enterprise Linux 5. These packages cannot be\ninstalled in parallel with the samba packages. Note: Technology Previews\nare not intended for production use.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba3x packages distributed by Red Hat does not have the setuid\nbit set. This flaw only affected systems where the setuid bit was manually\nset by an administrator. (CVE-2009-2948)\n\nThese packages upgrade Samba from version 3.3.5 to version 3.3.8. Refer to\nthe Samba Release Notes for a list of changes between versions:\n\nUsers of samba3x should upgrade to these updated packages, which resolve\nthese issues. After installing this update, the smb service will be\nrestarted automatically.\";\n\n\n\nif(description)\n{\n script_id(66243);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1585\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://samba.org/samba/history/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.34~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.34~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc\", rpm:\"libtalloc~1.2.0~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~1.2.0~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb\", rpm:\"libtdb~1.1.2~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~1.1.2~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.3.8~0.46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tdb-tools\", rpm:\"tdb-tools~1.1.2~46.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880722", "type": "openvas", "title": "CentOS Update for samba CESA-2009:1529 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2009:1529 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016200.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880722\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1529\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_name(\"CentOS Update for samba CESA-2009:1529 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"samba on CentOS 4\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A denial of service flaw was found in the Samba smbd daemon. An\n authenticated, remote user could send a specially-crafted response that\n would cause an smbd child process to enter an infinite loop. An\n authenticated, remote user could use this flaw to exhaust system resources\n by opening multiple CIFS sessions. (CVE-2009-2906)\n\n An uninitialized data access flaw was discovered in the smbd daemon when\n using the non-default 'dos filemode' configuration option in 'smb.conf'. An\n authenticated, remote user with write access to a file could possibly use\n this flaw to change an access control list for that file, even when such\n access should have been denied. (CVE-2009-1888)\n\n A flaw was discovered in the way Samba handled users without a home\n directory set in the back-end password database (e.g. '/etc/passwd'). If a\n share for the home directory of such a user was created (e.g. using the\n automated '[homes]' share), any user able to access that share could see\n the whole file system, possibly bypassing intended access restrictions.\n (CVE-2009-2813)\n\n The mount.cifs program printed CIFS passwords as part of its debug output\n when running in verbose mode. When mount.cifs had the setuid bit set, a\n local, unprivileged user could use this flaw to disclose passwords from a\n file that would otherwise be inaccessible to that user. Note: mount.cifs\n from the samba packages distributed by Red Hat does not have the setuid bit\n set. This flaw only affected systems where the setuid bit was manually set\n by an administrator. (CVE-2009-2948)\n\n Users of Samba should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n the smb service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "Check for the Version of samba", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880727", "href": "http://plugins.openvas.org/nasl.php?oid=880727", "type": "openvas", "title": "CentOS Update for samba CESA-2009:1529 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2009:1529 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A denial of service flaw was found in the Samba smbd daemon. An\n authenticated, remote user could send a specially-crafted response that\n would cause an smbd child process to enter an infinite loop. An\n authenticated, remote user could use this flaw to exhaust system resources\n by opening multiple CIFS sessions. (CVE-2009-2906)\n \n An uninitialized data access flaw was discovered in the smbd daemon when\n using the non-default "dos filemode" configuration option in "smb.conf". An\n authenticated, remote user with write access to a file could possibly use\n this flaw to change an access control list for that file, even when such\n access should have been denied. (CVE-2009-1888)\n \n A flaw was discovered in the way Samba handled users without a home\n directory set in the back-end password database (e.g. "/etc/passwd"). If a\n share for the home directory of such a user was created (e.g. using the\n automated "[homes]" share), any user able to access that share could see\n the whole file system, possibly bypassing intended access restrictions.\n (CVE-2009-2813)\n \n The mount.cifs program printed CIFS passwords as part of its debug output\n when running in verbose mode. When mount.cifs had the setuid bit set, a\n local, unprivileged user could use this flaw to disclose passwords from a\n file that would otherwise be inaccessible to that user. Note: mount.cifs\n from the samba packages distributed by Red Hat does not have the setuid bit\n set. This flaw only affected systems where the setuid bit was manually set\n by an administrator. (CVE-2009-2948)\n \n Users of Samba should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016276.html\");\n script_id(880727);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1529\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_name(\"CentOS Update for samba CESA-2009:1529 centos5 i386\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing an update to samba\nannounced via advisory MDVSA-2009:320.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066405", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066405", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:320 (samba)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_320.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:320 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in samba:\n\nThe acl_group_override function in smbd/posix_acls.c in smbd in Samba\n3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before\n3.3.6, when dos filemode is enabled, allows remote attackers to modify\naccess control lists for files via vectors related to read access to\nuninitialized memory (CVE-2009-1888).\n\nThe SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows\nFile Sharing is enabled, does not properly handle errors in resolving\npathnames, which allows remote authenticated users to bypass intended\nsharing restrictions, and read, create, or modify files, in certain\ncircumstances involving user accounts that lack home directories\n(CVE-2009-2813).\n\nsmbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,\nand 3.4 before 3.4.2 allows remote authenticated users to cause a\ndenial of service (infinite loop) via an unanticipated oplock break\nnotification reply packet (CVE-2009-2906).\n\nmount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before\n3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,\ndoes not properly enforce permissions, which allows local users to\nread part of the credentials file and obtain the password by specifying\nthe path to the credentials file and using the --verbose or -v option\n(CVE-2009-2948).\n\nThe version of samba shipping with Mandriva Linux 2008.0 has been\nupdated to the latest version (3.0.37) that includes the fixes for\nthese issues.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:320\nhttp://www.samba.org/samba/security/CVE-2009-2813.html\nhttp://www.samba.org/samba/security/CVE-2009-2906.html\nhttp://www.samba.org/samba/security/CVE-2009-2948.html\";\ntag_summary = \"The remote host is missing an update to samba\nannounced via advisory MDVSA-2009:320.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66405\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:320 (samba)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-vscan-icap\", rpm:\"samba-vscan-icap~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.0.37~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880727", "type": "openvas", "title": "CentOS Update for samba CESA-2009:1529 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2009:1529 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016276.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880727\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1529\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_name(\"CentOS Update for samba CESA-2009:1529 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"samba on CentOS 5\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A denial of service flaw was found in the Samba smbd daemon. An\n authenticated, remote user could send a specially-crafted response that\n would cause an smbd child process to enter an infinite loop. An\n authenticated, remote user could use this flaw to exhaust system resources\n by opening multiple CIFS sessions. (CVE-2009-2906)\n\n An uninitialized data access flaw was discovered in the smbd daemon when\n using the non-default 'dos filemode' configuration option in 'smb.conf'. An\n authenticated, remote user with write access to a file could possibly use\n this flaw to change an access control list for that file, even when such\n access should have been denied. (CVE-2009-1888)\n\n A flaw was discovered in the way Samba handled users without a home\n directory set in the back-end password database (e.g. '/etc/passwd'). If a\n share for the home directory of such a user was created (e.g. using the\n automated '[homes]' share), any user able to access that share could see\n the whole file system, possibly bypassing intended access restrictions.\n (CVE-2009-2813)\n\n The mount.cifs program printed CIFS passwords as part of its debug output\n when running in verbose mode. When mount.cifs had the setuid bit set, a\n local, unprivileged user could use this flaw to disclose passwords from a\n file that would otherwise be inaccessible to that user. Note: mount.cifs\n from the samba packages distributed by Red Hat does not have the setuid bit\n set. This flaw only affected systems where the setuid bit was manually set\n by an administrator. (CVE-2009-2948)\n\n Users of Samba should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n the smb service will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:40:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1529.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066119", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066119", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1529", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1529.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1529 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1529.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66119\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1529\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1529.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "Check for the Version of samba", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880722", "href": "http://plugins.openvas.org/nasl.php?oid=880722", "type": "openvas", "title": "CentOS Update for samba CESA-2009:1529 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2009:1529 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A denial of service flaw was found in the Samba smbd daemon. An\n authenticated, remote user could send a specially-crafted response that\n would cause an smbd child process to enter an infinite loop. An\n authenticated, remote user could use this flaw to exhaust system resources\n by opening multiple CIFS sessions. (CVE-2009-2906)\n \n An uninitialized data access flaw was discovered in the smbd daemon when\n using the non-default "dos filemode" configuration option in "smb.conf". An\n authenticated, remote user with write access to a file could possibly use\n this flaw to change an access control list for that file, even when such\n access should have been denied. (CVE-2009-1888)\n \n A flaw was discovered in the way Samba handled users without a home\n directory set in the back-end password database (e.g. "/etc/passwd"). If a\n share for the home directory of such a user was created (e.g. using the\n automated "[homes]" share), any user able to access that share could see\n the whole file system, possibly bypassing intended access restrictions.\n (CVE-2009-2813)\n \n The mount.cifs program printed CIFS passwords as part of its debug output\n when running in verbose mode. When mount.cifs had the setuid bit set, a\n local, unprivileged user could use this flaw to disclose passwords from a\n file that would otherwise be inaccessible to that user. Note: mount.cifs\n from the samba packages distributed by Red Hat does not have the setuid bit\n set. This flaw only affected systems where the setuid bit was manually set\n by an administrator. (CVE-2009-2948)\n \n Users of Samba should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing this update,\n the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016200.html\");\n script_id(880722);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1529\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_name(\"CentOS Update for samba CESA-2009:1529 centos4 i386\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1529.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.", "modified": "2017-07-12T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66119", "href": "http://plugins.openvas.org/nasl.php?oid=66119", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1529", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1529.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1529 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1529.\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default dos filemode configuration option in smb.conf. An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. /etc/passwd). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated [homes] share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66119);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1529\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1529.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "The remote host is missing updates to samba announced in\nadvisory CESA-2009:1529.", "modified": "2017-07-10T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66161", "href": "http://plugins.openvas.org/nasl.php?oid=66161", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1529 (samba)", "sourceData": "#CESA-2009:1529 66161 4\n# $Id: ovcesa2009_1529.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1529 (samba)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1529\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1529\nhttps://rhn.redhat.com/errata/RHSA-2009-1529.html\";\ntag_summary = \"The remote host is missing updates to samba announced in\nadvisory CESA-2009:1529.\";\n\n\n\nif(description)\n{\n script_id(66161);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1529 (samba)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.18.el4_8\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "Oracle Linux Local Security Checks ELSA-2009-1529", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122425", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1529", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1529.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122425\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:07 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1529\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1529 - samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1529\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1529.html\");\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.15.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.15.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.15.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.15.el5_4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:25:58", "description": "Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.", "edition": 27, "published": "2009-10-28T00:00:00", "title": "CentOS 4 / 5 : samba (CESA-2009:1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2009-10-28T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-common", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1529.NASL", "href": "https://www.tenable.com/plugins/nessus/42266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1529 and \n# CentOS Errata and Security Advisory 2009:1529 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42266);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"RHSA\", value:\"2009:1529\");\n\n script_name(english:\"CentOS 4 / 5 : samba (CESA-2009:1529)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016200.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20e49ed2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016201.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?779911fe\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59b34b65\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebdabe0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-client-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-common-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-swat-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-0.18.el4_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:26", "description": "Multiple vulnerabilities has been found and corrected in samba :\n\nThe acl_group_override function in smbd/posix_acls.c in smbd in Samba\n3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before\n3.3.6, when dos filemode is enabled, allows remote attackers to modify\naccess control lists for files via vectors related to read access to\nuninitialized memory (CVE-2009-1888).\n\nThe SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows\nFile Sharing is enabled, does not properly handle errors in resolving\npathnames, which allows remote authenticated users to bypass intended\nsharing restrictions, and read, create, or modify files, in certain\ncircumstances involving user accounts that lack home directories\n(CVE-2009-2813).\n\nsmbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,\nand 3.4 before 3.4.2 allows remote authenticated users to cause a\ndenial of service (infinite loop) via an unanticipated oplock break\nnotification reply packet (CVE-2009-2906).\n\nmount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before\n3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,\ndoes not properly enforce permissions, which allows local users to\nread part of the credentials file and obtain the password by\nspecifying the path to the credentials file and using the --verbose or\n-v option (CVE-2009-2948).\n\nThe version of samba shipping with Mandriva Linux 2008.0 has been\nupdated to the latest version (3.0.37) that includes the fixes for\nthese issues.", "edition": 26, "published": "2009-12-07T00:00:00", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2009:320)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2009-12-07T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libsmbclient0-devel", "p-cpe:/a:mandriva:linux:samba-doc", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel", "p-cpe:/a:mandriva:linux:samba-vscan-icap", "p-cpe:/a:mandriva:linux:samba-client", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:mount-cifs", "p-cpe:/a:mandriva:linux:lib64smbclient0-devel", "p-cpe:/a:mandriva:linux:lib64smbclient0", "p-cpe:/a:mandriva:linux:samba-winbind", "p-cpe:/a:mandriva:linux:libsmbclient0"], "id": "MANDRIVA_MDVSA-2009-320.NASL", "href": "https://www.tenable.com/plugins/nessus/43023", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:320. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43023);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"MDVSA\", value:\"2009:320\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2009:320)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in samba :\n\nThe acl_group_override function in smbd/posix_acls.c in smbd in Samba\n3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before\n3.3.6, when dos filemode is enabled, allows remote attackers to modify\naccess control lists for files via vectors related to read access to\nuninitialized memory (CVE-2009-1888).\n\nThe SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows\nFile Sharing is enabled, does not properly handle errors in resolving\npathnames, which allows remote authenticated users to bypass intended\nsharing restrictions, and read, create, or modify files, in certain\ncircumstances involving user accounts that lack home directories\n(CVE-2009-2813).\n\nsmbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,\nand 3.4 before 3.4.2 allows remote authenticated users to cause a\ndenial of service (infinite loop) via an unanticipated oplock break\nnotification reply packet (CVE-2009-2906).\n\nmount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before\n3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,\ndoes not properly enforce permissions, which allows local users to\nread part of the credentials file and obtain the password by\nspecifying the path to the credentials file and using the --verbose or\n-v option (CVE-2009-2948).\n\nThe version of samba shipping with Mandriva Linux 2008.0 has been\nupdated to the latest version (3.0.37) that includes the fixes for\nthese issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2813.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2948.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-vscan-icap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libsmbclient0-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"mount-cifs-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nss_wins-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-client-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-common-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-doc-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-server-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-swat-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-vscan-icap-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"samba-winbind-3.0.37-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:46", "description": "From Red Hat Security Advisory 2009:1529 :\n\nUpdated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : samba (ELSA-2009-1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba-common", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:samba-client", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-swat"], "id": "ORACLELINUX_ELSA-2009-1529.NASL", "href": "https://www.tenable.com/plugins/nessus/67947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1529 and \n# Oracle Linux Security Advisory ELSA-2009-1529 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67947);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"RHSA\", value:\"2009:1529\");\n\n script_name(english:\"Oracle Linux 4 / 5 : samba (ELSA-2009-1529)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1529 :\n\nUpdated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001216.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"samba-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-client-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-common-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-swat-3.0.33-0.18.el4_8\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:07", "description": "Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.", "edition": 28, "published": "2009-10-28T00:00:00", "title": "RHEL 4 / 5 : samba (RHSA-2009:1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2009-10-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:samba-client", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2009-1529.NASL", "href": "https://www.tenable.com/plugins/nessus/42286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1529. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42286);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"RHSA\", value:\"2009:1529\");\n\n script_name(english:\"RHEL 4 / 5 : samba (RHSA-2009:1529)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1529\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1529\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-3.0.33-0.18.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-client-3.0.33-0.18.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-common-3.0.33-0.18.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-swat-3.0.33-0.18.el4_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:14", "description": "Updated samba3x packages that fix multiple security issues and various\nbugs are now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. These samba3x packages provide Samba\n3.3, which is a Technology Preview for Red Hat Enterprise Linux 5.\nThese packages cannot be installed in parallel with the samba\npackages. Note: Technology Previews are not intended for production\nuse.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba3x packages distributed by Red\nHat does not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nThis update also fixes the following bugs :\n\n* the samba3x packages contained missing and conflicting license\ninformation. License information was missing for the libtalloc,\nlibtdb, and tdb-tools packages. The samba3x-common package provided a\nCOPYING file; however, it stated the license was GPLv2, while RPM\nmetadata stated the licenses were either GPLv3 or LGPLv3. This update\nadds the correct licensing information to the samba3x-common,\nlibsmbclient, libtalloc, libtdb, and tdb-tools packages. (BZ#528633)\n\n* the upstream Samba version in the samba3x packages distributed with\nthe RHEA-2009:1399 update contained broken implementations of the\nNetlogon credential chain and SAMR access checks security subsystems.\nThis prevented Samba from acting as a domain controller: Client\nsystems could not join the domain; users could not authenticate; and\nsystems could not access the user and group list. (BZ#524551)\n\n* this update resolves interoperability issues with Windows 7 and\nWindows Server 2008 R2. (BZ#529022)\n\nThese packages upgrade Samba from version 3.3.5 to version 3.3.8.\nRefer to the Samba Release Notes for a list of changes between\nversions: http://samba.org/samba/history/\n\nUsers of samba3x should upgrade to these updated packages, which\nresolve these issues. After installing this update, the smb service\nwill be restarted automatically.", "edition": 29, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : samba3x (RHSA-2009:1585)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2013-01-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libtalloc-devel", "p-cpe:/a:redhat:enterprise_linux:libtalloc", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:libtdb-devel", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:libtdb", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:samba3x", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel", "p-cpe:/a:redhat:enterprise_linux:tdb-tools"], "id": "REDHAT-RHSA-2009-1585.NASL", "href": "https://www.tenable.com/plugins/nessus/63900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1585. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63900);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"RHSA\", value:\"2009:1585\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2009:1585)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix multiple security issues and various\nbugs are now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. These samba3x packages provide Samba\n3.3, which is a Technology Preview for Red Hat Enterprise Linux 5.\nThese packages cannot be installed in parallel with the samba\npackages. Note: Technology Previews are not intended for production\nuse.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions. (CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba3x packages distributed by Red\nHat does not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948)\n\nThis update also fixes the following bugs :\n\n* the samba3x packages contained missing and conflicting license\ninformation. License information was missing for the libtalloc,\nlibtdb, and tdb-tools packages. The samba3x-common package provided a\nCOPYING file; however, it stated the license was GPLv2, while RPM\nmetadata stated the licenses were either GPLv3 or LGPLv3. This update\nadds the correct licensing information to the samba3x-common,\nlibsmbclient, libtalloc, libtdb, and tdb-tools packages. (BZ#528633)\n\n* the upstream Samba version in the samba3x packages distributed with\nthe RHEA-2009:1399 update contained broken implementations of the\nNetlogon credential chain and SAMR access checks security subsystems.\nThis prevented Samba from acting as a domain controller: Client\nsystems could not join the domain; users could not authenticate; and\nsystems could not access the user and group list. (BZ#524551)\n\n* this update resolves interoperability issues with Windows 7 and\nWindows Server 2008 R2. (BZ#529022)\n\nThese packages upgrade Samba from version 3.3.5 to version 3.3.8.\nRefer to the Samba Release Notes for a list of changes between\nversions: http://samba.org/samba/history/\n\nUsers of samba3x should upgrade to these updated packages, which\nresolve these issues. After installing this update, the smb service\nwill be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2948\"\n );\n # http://www.redhat.com/support/policy/soc/production/preview_scope/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/en/services/support\"\n );\n # http://samba.org/samba/history/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/history/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1585\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.4\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1585\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.34-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.34-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libtalloc-1.2.0-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libtalloc-devel-1.2.0-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libtdb-1.1.2-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"libtdb-devel-1.1.2-46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-client-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-common-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-doc-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-swat-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-winbind-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"samba3x-winbind-devel-3.3.8-0.46.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"4\", cpu:\"x86_64\", reference:\"tdb-tools-1.1.2-46.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / libtalloc / libtalloc-devel / etc\");\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:33", "description": "A denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions.(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948) This update also fixes the following bug for SL3 :\n\n - an earlier update added code to escape input passed to\n scripts that are run by Samba. This code was missing 'c'\n from the list of valid characters, causing it to be\n escaped. With this update, the previous patch has been\n updated to include 'c' in the list of valid characters.\n (BZ#242754)\n\nAfter installing this update, the smb service will be restarted\nautomatically.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091027_SAMBA_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60684);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially crafted response\nthat would cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system\nresources by opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon\nwhen using the non-default 'dos filemode' configuration option in\n'smb.conf'. An authenticated, remote user with write access to a file\ncould possibly use this flaw to change an access control list for that\nfile, even when such access should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. '/etc/passwd').\nIf a share for the home directory of such a user was created (e.g.\nusing the automated '[homes]' share), any user able to access that\nshare could see the whole file system, possibly bypassing intended\naccess restrictions.(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug\noutput when running in verbose mode. When mount.cifs had the setuid\nbit set, a local, unprivileged user could use this flaw to disclose\npasswords from a file that would otherwise be inaccessible to that\nuser. Note: mount.cifs from the samba packages distributed by Red Hat\ndoes not have the setuid bit set. This flaw only affected systems\nwhere the setuid bit was manually set by an administrator.\n(CVE-2009-2948) This update also fixes the following bug for SL3 :\n\n - an earlier update added code to escape input passed to\n scripts that are run by Samba. This code was missing 'c'\n from the list of valid characters, causing it to be\n escaped. With this update, the previous patch has been\n updated to include 'c' in the list of valid characters.\n (BZ#242754)\n\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=242754\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0910&L=scientific-linux-errata&T=0&P=2067\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a2ed9ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"samba-3.0.9-1.3E.16\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-client-3.0.9-1.3E.16\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-common-3.0.9-1.3E.16\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-swat-3.0.9-1.3E.16\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"samba-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-client-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-common-3.0.33-0.18.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-swat-3.0.33-0.18.el4_8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.15.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.15.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T15:20:16", "description": "a. Service Console update for samba to 3.0.33-3.15.el5_4.1\n\n This update changes the samba packages to\n samba-client-3.0.33-3.15.el5_4.1 and\n samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for\n security issues that were first fixed in\n samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813\n and CVE-2009-2948 to these issues.\n\nb. Service Console update for acpid to1.0.4-9.el5_4.2\n\n This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2.\n This version includes the fix for a security issue that was first\n fixed in acpid-1.0.4-7.el5_4.1. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0798 to this issue.", "edition": 25, "published": "2010-04-02T00:00:00", "title": "VMSA-2010-0006 : ESX Service Console updates for samba and acpid", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-0798", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2010-04-02T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2010-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/45402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2010-0006. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45402);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0798\", \"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(34692, 36363, 36572, 36573);\n script_xref(name:\"VMSA\", value:\"2010-0006\");\n\n script_name(english:\"VMSA-2010-0006 : ESX Service Console updates for samba and acpid\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Service Console update for samba to 3.0.33-3.15.el5_4.1\n\n This update changes the samba packages to\n samba-client-3.0.33-3.15.el5_4.1 and\n samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for\n security issues that were first fixed in\n samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.\n \n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813\n and CVE-2009-2948 to these issues.\n\nb. Service Console update for acpid to1.0.4-9.el5_4.2\n\n This updates changes the the acpid package to acpid-1.0.4-9.el5_4.2.\n This version includes the fix for a security issue that was first\n fixed in acpid-1.0.4-7.el5_4.1. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0798 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2011/000123.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2010-04-01\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201003403-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201003405-SG\",\n patch_updates : make_list(\"ESX400-201203404-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T15:20:16", "description": "The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, affected by multiple vulnerabilities in several third-party\ncomponents and libraries :\n\n - A denial of service vulnerability exists in the ACPI\n Event Daemon (acpid) that allows a remote attacker to\n cause a consumption of CPU resources by opening a large\n number of UNIX sockets without closing them.\n (CVE-2009-0798)\n\n - A security bypass vulnerability exists in Samba in the\n acl_group_override() function when dos filemode is\n enabled. A remote attacker can exploit this to modify\n access control lists for files via vectors related to\n read access to uninitialized memory. (CVE-2009-1888)\n\n - A security bypass vulnerability exists in Samba in the\n SMB subsystem due to improper handling of errors when\n resolving pathnames. An authenticated, remote attacker\n can exploit this to bypass intended sharing\n restrictions, and read, create, or modify files, in\n certain circumstances involving user accounts that lack\n home directories. (CVE-2009-2813)\n\n - A denial of service vulnerability exists in Samba that\n allows authenticated, remote attackers to cause an\n infinite loop via an unanticipated oplock break\n notification reply packet. (CVE-2009-2906)\n\n - An information disclosure vulnerability exists in Samba\n in mount.cifs due to improper enforcement of\n permissions. A local attacker can exploit this to read\n part of the credentials file and obtain the password by\n specifying the path to the credentials file and using\n the --verbose or -v option. (CVE-2009-2948)", "edition": 25, "published": "2016-03-08T00:00:00", "title": "VMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-0798", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2016-03-08T00:00:00", "cpe": ["cpe:/o:vmware:esx"], "id": "VMWARE_VMSA-2010-0006_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89738);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-0798\",\n \"CVE-2009-1888\",\n \"CVE-2009-2813\",\n \"CVE-2009-2906\",\n \"CVE-2009-2948\"\n );\n script_bugtraq_id(\n 34692,\n 36363,\n 36572,\n 36573\n );\n script_xref(name:\"VMSA\", value:\"2010-0006\");\n\n script_name(english:\"VMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, affected by multiple vulnerabilities in several third-party\ncomponents and libraries :\n\n - A denial of service vulnerability exists in the ACPI\n Event Daemon (acpid) that allows a remote attacker to\n cause a consumption of CPU resources by opening a large\n number of UNIX sockets without closing them.\n (CVE-2009-0798)\n\n - A security bypass vulnerability exists in Samba in the\n acl_group_override() function when dos filemode is\n enabled. A remote attacker can exploit this to modify\n access control lists for files via vectors related to\n read access to uninitialized memory. (CVE-2009-1888)\n\n - A security bypass vulnerability exists in Samba in the\n SMB subsystem due to improper handling of errors when\n resolving pathnames. An authenticated, remote attacker\n can exploit this to bypass intended sharing\n restrictions, and read, create, or modify files, in\n certain circumstances involving user accounts that lack\n home directories. (CVE-2009-2813)\n\n - A denial of service vulnerability exists in Samba that\n allows authenticated, remote attackers to cause an\n infinite loop via an unanticipated oplock break\n notification reply packet. (CVE-2009-2906)\n\n - An information disclosure vulnerability exists in Samba\n in mount.cifs due to improper enforcement of\n permissions. A local attacker can exploit this to read\n part of the credentials file and obtain the password by\n specifying the path to the credentials file and using\n the --verbose or -v option. (CVE-2009-2948)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2010-0006\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000123.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"244038\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:45", "description": "J. David Hester discovered that Samba incorrectly handled users that\nlack home directories when the automated [homes] share is enabled. An\nauthenticated user could connect to that share name and gain access to\nthe whole filesystem. (CVE-2009-2813)\n\nTim Prouty discovered that the smbd daemon in Samba incorrectly\nhandled certain unexpected network replies. A remote attacker could\nsend malicious replies to the server and cause smbd to use all\navailable CPU, leading to a denial of service. (CVE-2009-2906)\n\nRonald Volgers discovered that the mount.cifs utility, when installed\nas a setuid program, would not verify user permissions before opening\na credentials file. A local user could exploit this to use or read the\ncontents of unauthorized credential files. (CVE-2009-2948)\n\nReinhard Nissl discovered that the smbclient utility contained format\nstring vulnerabilities in its file name handling. Because of security\nfeatures in Ubuntu, exploitation of this vulnerability is limited. If\na user or automated system were tricked into processing a specially\ncrafted file name, smbclient could be made to crash, possibly leading\nto a denial of service. This only affected Ubuntu 8.10.\n(CVE-2009-1886)\n\nJeremy Allison discovered that the smbd daemon in Samba incorrectly\nhandled permissions to modify access control lists when dos filemode\nis enabled. A remote attacker could exploit this to modify access\ncontrol lists. This only affected Ubuntu 8.10 and Ubuntu 9.04.\n(CVE-2009-1886).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-10-02T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1886", "CVE-2009-1888", "CVE-2009-2948"], "modified": "2009-10-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba-doc", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:samba-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:swat", "p-cpe:/a:canonical:ubuntu_linux:smbfs", "p-cpe:/a:canonical:ubuntu_linux:winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf", "p-cpe:/a:canonical:ubuntu_linux:samba-dbg", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:python2.4-samba", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-839-1.NASL", "href": "https://www.tenable.com/plugins/nessus/41968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-839-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41968);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1886\", \"CVE-2009-1888\", \"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"USN\", value:\"839-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : samba vulnerabilities (USN-839-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"J. David Hester discovered that Samba incorrectly handled users that\nlack home directories when the automated [homes] share is enabled. An\nauthenticated user could connect to that share name and gain access to\nthe whole filesystem. (CVE-2009-2813)\n\nTim Prouty discovered that the smbd daemon in Samba incorrectly\nhandled certain unexpected network replies. A remote attacker could\nsend malicious replies to the server and cause smbd to use all\navailable CPU, leading to a denial of service. (CVE-2009-2906)\n\nRonald Volgers discovered that the mount.cifs utility, when installed\nas a setuid program, would not verify user permissions before opening\na credentials file. A local user could exploit this to use or read the\ncontents of unauthorized credential files. (CVE-2009-2948)\n\nReinhard Nissl discovered that the smbclient utility contained format\nstring vulnerabilities in its file name handling. Because of security\nfeatures in Ubuntu, exploitation of this vulnerability is limited. If\na user or automated system were tricked into processing a specially\ncrafted file name, smbclient could be made to crash, possibly leading\nto a denial of service. This only affected Ubuntu 8.10.\n(CVE-2009-1886)\n\nJeremy Allison discovered that the smbd daemon in Samba incorrectly\nhandled permissions to modify access control lists when dos filemode\nis enabled. A remote attacker could exploit this to modify access\ncontrol lists. This only affected Ubuntu 8.10 and Ubuntu 9.04.\n(CVE-2009-1886).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/839-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(134, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpam-smbpass\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libsmbclient\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libsmbclient-dev\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-samba\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"samba\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"samba-common\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"samba-dbg\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"samba-doc\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"samba-doc-pdf\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"smbclient\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"smbfs\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"swat\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"winbind\", pkgver:\"3.0.22-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpam-smbpass\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libsmbclient\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libsmbclient-dev\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba-common\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba-dbg\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba-doc\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba-doc-pdf\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"smbclient\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"smbfs\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"swat\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"winbind\", pkgver:\"3.0.28a-1ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpam-smbpass\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libsmbclient\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libsmbclient-dev\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libwbclient0\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba\", pkgver:\"2:3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba-common\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba-dbg\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba-doc\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba-doc-pdf\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"samba-tools\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"smbclient\", pkgver:\"2:3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"smbfs\", pkgver:\"2:3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"swat\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"winbind\", pkgver:\"3.2.3-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpam-smbpass\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libsmbclient\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libsmbclient-dev\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libwbclient0\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba\", pkgver:\"2:3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba-common\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba-dbg\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba-doc\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba-doc-pdf\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"samba-tools\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"smbclient\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"smbfs\", pkgver:\"2:3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"swat\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"winbind\", pkgver:\"3.3.2-1ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpam-smbpass / libsmbclient / libsmbclient-dev / libwbclient0 / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:22", "description": "Multiple vulnerabilities has been found and corrected in samba :\n\nThe SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows\nFile Sharing is enabled, does not properly handle errors in resolving\npathnames, which allows remote authenticated users to bypass intended\nsharing restrictions, and read, create, or modify files, in certain\ncircumstances involving user accounts that lack home directories\n(CVE-2009-2813).\n\nsmbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,\nand 3.4 before 3.4.2 allows remote authenticated users to cause a\ndenial of service (infinite loop) via an unanticipated oplock break\nnotification reply packet (CVE-2009-2906).\n\nmount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before\n3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,\ndoes not properly enforce permissions, which allows local users to\nread part of the credentials file and obtain the password by\nspecifying the path to the credentials file and using the --verbose or\n-v option (CVE-2009-2948).\n\nThe versions of samba shipping with Mandriva Linux\nCS4/MES5/2008.1/2009.0/2009.1 have been updated to the latest version\nthat includes the fixes for these issues. Additionally for 2009.1 the\nversion upgrade provides many upstream bug fixes such as improved\nWindows(tm) 7 support. The version for CS3 has been patched to address\nthese security issues.", "edition": 26, "published": "2009-10-15T00:00:00", "title": "Mandriva Linux Security Advisory : samba (MDVSA-2009:277)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "modified": "2009-10-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64talloc1", "p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel", "p-cpe:/a:mandriva:linux:libsmbclient0-devel", "p-cpe:/a:mandriva:linux:lib64wbclient0", "p-cpe:/a:mandriva:linux:libtalloc-devel", "p-cpe:/a:mandriva:linux:samba-doc", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:lib64tdb1", "p-cpe:/a:mandriva:linux:lib64wbclient-devel", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:libnetapi0", "p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:libsmbsharemodes-devel", "p-cpe:/a:mandriva:linux:lib64smbsharemodes0", "p-cpe:/a:mandriva:linux:lib64netapi-devel", "p-cpe:/a:mandriva:linux:libwbclient0", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel", "p-cpe:/a:mandriva:linux:libtdb-devel", "p-cpe:/a:mandriva:linux:lib64netapi0", "p-cpe:/a:mandriva:linux:lib64talloc-devel", "p-cpe:/a:mandriva:linux:samba-vscan-icap", "p-cpe:/a:mandriva:linux:samba-client", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:mount-cifs", "p-cpe:/a:mandriva:linux:lib64smbclient0-devel", "p-cpe:/a:mandriva:linux:libtdb1", "p-cpe:/a:mandriva:linux:lib64smbclient0", "p-cpe:/a:mandriva:linux:lib64tdb-devel", "p-cpe:/a:mandriva:linux:libwbclient-devel", "p-cpe:/a:mandriva:linux:libnetapi-devel", "p-cpe:/a:mandriva:linux:samba-winbind", "p-cpe:/a:mandriva:linux:libtalloc1", "p-cpe:/a:mandriva:linux:libsmbclient0", "p-cpe:/a:mandriva:linux:libsmbsharemodes0"], "id": "MANDRIVA_MDVSA-2009-277.NASL", "href": "https://www.tenable.com/plugins/nessus/42132", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:277. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42132);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2813\", \"CVE-2009-2906\", \"CVE-2009-2948\");\n script_bugtraq_id(36363, 36572, 36573);\n script_xref(name:\"MDVSA\", value:\"2009:277\");\n\n script_name(english:\"Mandriva Linux Security Advisory : samba (MDVSA-2009:277)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in samba :\n\nThe SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows\nFile Sharing is enabled, does not properly handle errors in resolving\npathnames, which allows remote authenticated users to bypass intended\nsharing restrictions, and read, create, or modify files, in certain\ncircumstances involving user accounts that lack home directories\n(CVE-2009-2813).\n\nsmbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,\nand 3.4 before 3.4.2 allows remote authenticated users to cause a\ndenial of service (infinite loop) via an unanticipated oplock break\nnotification reply packet (CVE-2009-2906).\n\nmount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before\n3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,\ndoes not properly enforce permissions, which allows local users to\nread part of the credentials file and obtain the password by\nspecifying the path to the credentials file and using the --verbose or\n-v option (CVE-2009-2948).\n\nThe versions of samba shipping with Mandriva Linux\nCS4/MES5/2008.1/2009.0/2009.1 have been updated to the latest version\nthat includes the fixes for these issues. Additionally for 2009.1 the\nversion upgrade provides many upstream bug fixes such as improved\nWindows(tm) 7 support. The version for CS3 has been patched to address\nthese security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2813.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2906.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2009-2948.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64netapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64smbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64talloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64tdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64wbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtalloc1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mount-cifs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-vscan-icap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libsmbclient0-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"mount-cifs-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"nss_wins-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-client-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-common-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-doc-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-server-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-swat-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-vscan-icap-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"samba-winbind-3.0.37-0.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64netapi0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64talloc1-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64tdb1-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libnetapi0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtalloc1-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libtdb1-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient-devel-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libwbclient0-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mount-cifs-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"nss_wins-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-client-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-common-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-doc-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-server-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-swat-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"samba-winbind-3.2.15-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64netapi-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64netapi0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64smbclient0-static-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64smbsharemodes0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wbclient-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64wbclient0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libnetapi-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libnetapi0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsmbclient0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsmbsharemodes-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libsmbsharemodes0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwbclient-devel-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libwbclient0-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"mount-cifs-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"nss_wins-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-client-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-common-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-doc-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-server-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-swat-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"samba-winbind-3.3.8-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default \"dos filemode\" configuration option in \"smb.conf\". An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. \"/etc/passwd\"). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated \"[homes]\" share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.", "modified": "2017-09-08T11:55:37", "published": "2009-10-27T04:00:00", "id": "RHSA-2009:1529", "href": "https://access.redhat.com/errata/RHSA-2009:1529", "type": "redhat", "title": "(RHSA-2009:1529) Moderate: samba security update", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1888", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information. These samba3x packages provide Samba 3.3, which is a\nTechnology Preview for Red Hat Enterprise Linux 5. These packages cannot be\ninstalled in parallel with the samba packages. Note: Technology Previews\nare not intended for production use.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default \"dos filemode\" configuration option in \"smb.conf\". An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. \"/etc/passwd\"). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated \"[homes]\" share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba3x packages distributed by Red Hat does not have the setuid\nbit set. This flaw only affected systems where the setuid bit was manually\nset by an administrator. (CVE-2009-2948)\n\nThis update also fixes the following bugs:\n\n* the samba3x packages contained missing and conflicting license\ninformation. License information was missing for the libtalloc, libtdb, and\ntdb-tools packages. The samba3x-common package provided a COPYING file;\nhowever, it stated the license was GPLv2, while RPM metadata stated the\nlicenses were either GPLv3 or LGPLv3. This update adds the correct\nlicensing information to the samba3x-common, libsmbclient, libtalloc,\nlibtdb, and tdb-tools packages. (BZ#528633)\n\n* the upstream Samba version in the samba3x packages distributed with the\nRHEA-2009:1399 update contained broken implementations of the Netlogon\ncredential chain and SAMR access checks security subsystems. This prevented\nSamba from acting as a domain controller: Client systems could not join the\ndomain; users could not authenticate; and systems could not access the user\nand group list. (BZ#524551)\n\n* this update resolves interoperability issues with Windows 7 and Windows\nServer 2008 R2. (BZ#529022)\n\nThese packages upgrade Samba from version 3.3.5 to version 3.3.8. Refer to\nthe Samba Release Notes for a list of changes between versions:\nhttp://samba.org/samba/history/\n\nUsers of samba3x should upgrade to these updated packages, which resolve\nthese issues. After installing this update, the smb service will be\nrestarted automatically.", "modified": "2017-07-28T03:25:15", "published": "2009-11-16T05:00:00", "id": "RHSA-2009:1585", "href": "https://access.redhat.com/errata/RHSA-2009:1585", "type": "redhat", "title": "(RHSA-2009:1585) Moderate: samba3x security and bug fix update", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2906"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nThis update also fixes the following bug:\n\n* the RHSA-2007:0354 update added code to escape input passed to scripts\nthat are run by Samba. This code was missing \"c\" from the list of valid\ncharacters, causing it to be escaped. With this update, the previous patch\nhas been updated to include \"c\" in the list of valid characters.\n(BZ#242754)\n\nUsers of Samba should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing this update,\nthe smb service will be restarted automatically.", "modified": "2018-05-26T04:26:18", "published": "2009-10-27T04:00:00", "id": "RHSA-2009:1528", "href": "https://access.redhat.com/errata/RHSA-2009:1528", "type": "redhat", "title": "(RHSA-2009:1528) Moderate: samba security and bug fix update", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "[3.0.33-3.15.el5]\n- Security Release, fixes CVE-2009-1888, CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906\n- resolves: #526660", "edition": 4, "modified": "2009-10-27T00:00:00", "published": "2009-10-27T00:00:00", "id": "ELSA-2009-1529", "href": "http://linux.oracle.com/errata/ELSA-2009-1529.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2906", "CVE-2007-2447"], "description": "[3.0.9-1.3E.16]\n- Security Release, fixes CVE-2009-2906\n- resolves: #526657\n[3.0.9-X]\n- Fix user facing cosmetic bug in patch for CVE-2007-2447\n- resolves: #242754", "edition": 4, "modified": "2009-10-27T00:00:00", "published": "2009-10-27T00:00:00", "id": "ELSA-2009-1528", "href": "http://linux.oracle.com/errata/ELSA-2009-1528.html", "title": "samba security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1888", "CVE-2009-2948"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1529\n\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nAn uninitialized data access flaw was discovered in the smbd daemon when\nusing the non-default \"dos filemode\" configuration option in \"smb.conf\". An\nauthenticated, remote user with write access to a file could possibly use\nthis flaw to change an access control list for that file, even when such\naccess should have been denied. (CVE-2009-1888)\n\nA flaw was discovered in the way Samba handled users without a home\ndirectory set in the back-end password database (e.g. \"/etc/passwd\"). If a\nshare for the home directory of such a user was created (e.g. using the\nautomated \"[homes]\" share), any user able to access that share could see\nthe whole file system, possibly bypassing intended access restrictions.\n(CVE-2009-2813)\n\nThe mount.cifs program printed CIFS passwords as part of its debug output\nwhen running in verbose mode. When mount.cifs had the setuid bit set, a\nlocal, unprivileged user could use this flaw to disclose passwords from a\nfile that would otherwise be inaccessible to that user. Note: mount.cifs\nfrom the samba packages distributed by Red Hat does not have the setuid bit\nset. This flaw only affected systems where the setuid bit was manually set\nby an administrator. (CVE-2009-2948)\n\nUsers of Samba should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing this update,\nthe smb service will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028238.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028239.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028314.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028315.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1529.html", "edition": 3, "modified": "2009-10-30T14:44:00", "published": "2009-10-27T19:23:21", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028238.html", "id": "CESA-2009:1529", "title": "samba security update", "type": "centos", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2906"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1528\n\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA denial of service flaw was found in the Samba smbd daemon. An\nauthenticated, remote user could send a specially-crafted response that\nwould cause an smbd child process to enter an infinite loop. An\nauthenticated, remote user could use this flaw to exhaust system resources\nby opening multiple CIFS sessions. (CVE-2009-2906)\n\nThis update also fixes the following bug:\n\n* the RHSA-2007:0354 update added code to escape input passed to scripts\nthat are run by Samba. This code was missing \"c\" from the list of valid\ncharacters, causing it to be escaped. With this update, the previous patch\nhas been updated to include \"c\" in the list of valid characters.\n(BZ#242754)\n\nUsers of Samba should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing this update,\nthe smb service will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028236.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028237.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1528.html", "edition": 4, "modified": "2009-10-27T18:29:03", "published": "2009-10-27T18:28:07", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028236.html", "id": "CESA-2009:1528", "title": "samba security update", "type": "centos", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-1886", "CVE-2009-1888", "CVE-2009-2948"], "description": "J. David Hester discovered that Samba incorrectly handled users that lack \nhome directories when the automated [homes] share is enabled. An \nauthenticated user could connect to that share name and gain access to the \nwhole filesystem. (CVE-2009-2813)\n\nTim Prouty discovered that the smbd daemon in Samba incorrectly handled \ncertain unexpected network replies. A remote attacker could send malicious \nreplies to the server and cause smbd to use all available CPU, leading to a \ndenial of service. (CVE-2009-2906)\n\nRonald Volgers discovered that the mount.cifs utility, when installed as a \nsetuid program, would not verify user permissions before opening a \ncredentials file. A local user could exploit this to use or read the \ncontents of unauthorized credential files. (CVE-2009-2948)\n\nReinhard Ni\u00dfl discovered that the smbclient utility contained format string \nvulnerabilities in its file name handling. Because of security features in \nUbuntu, exploitation of this vulnerability is limited. If a user or \nautomated system were tricked into processing a specially crafted file \nname, smbclient could be made to crash, possibly leading to a denial of \nservice. This only affected Ubuntu 8.10. (CVE-2009-1886)\n\nJeremy Allison discovered that the smbd daemon in Samba incorrectly handled \npermissions to modify access control lists when dos filemode is enabled. A \nremote attacker could exploit this to modify access control lists. This \nonly affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)", "edition": 68, "modified": "2009-10-01T00:00:00", "published": "2009-10-01T00:00:00", "id": "USN-839-1", "href": "https://ubuntu.com/security/notices/USN-839-1", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-0798", "CVE-2009-1888", "CVE-2009-2948"], "description": "a. Service Console update for samba to 3.0.33-3.15.el5_4.1 \nThis update changes the samba packages to samba-client-3.0.33-3.15.el5_4.1 and samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for security issues that were first fixed in samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8. \n \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2906, CVE-2009-1888,CVE-2009-2813 and CVE-2009-2948 to these issues. \n \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "edition": 5, "modified": "2010-10-25T00:00:00", "published": "2010-04-01T00:00:00", "id": "VMSA-2010-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0006.html", "title": "ESX Service Console updates for samba and acpid", "type": "vmware", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,\n12.1, 12.2, 13.0, and -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/samba-3.2.15-i486-1_slack13.0.txz:\n This update fixes the following security issues.\n A misconfigured /etc/passwd with no defined home directory could allow\n security restrictions to be bypassed.\n mount.cifs could allow a local user to read the first line of an arbitrary\n file if installed setuid. (On Slackware, it was not installed setuid)\n Specially crafted SMB requests could cause a denial of service.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.37-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.37-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.37-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.37-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.37-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/samba-3.0.37-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/samba-3.2.15-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/samba-3.2.15-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/samba-3.2.15-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.4.2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-3.4.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\ne02ad43f20e3c31e50cf28363541db9c samba-3.0.37-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nbac29aae3e5f23bd815f4452c2954dc6 samba-3.0.37-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\n60ac24589c806850e7a74a09302a4ed9 samba-3.0.37-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n58eaa3f9cb2c677f8b0a6249863685e6 samba-3.0.37-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n8f68ccdee93cb131b395d9b3eeae1674 samba-3.0.37-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nea18bf39fa98cd52cf90fc593ee3ddf8 samba-3.0.37-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nedb0b282ea777c2edabd8147d83f6978 samba-3.2.15-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n9a848ba2af68ee2d01dd7440b4b49405 samba-3.2.15-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ne84b39e9ee6353e0a682e71a88e97b00 samba-3.2.15-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n968d2bfd83f13d40e630c14fab19a676 samba-3.4.2-i486-1.txz\n\nSlackware x86_64 -current package:\n8b80e5bcd2b603a42e92185501823d26 samba-3.4.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-3.2.15-i486-1_slack13.0.txz\n\nThen, if Samba is running restart it:\n\n > /etc/rc.d/rc.samba restart", "modified": "2009-10-04T00:01:26", "published": "2009-10-04T00:01:26", "id": "SSA-2009-276-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439", "type": "slackware", "title": "samba", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "Local privileged files access, DoS, unauthorized remote access.", "edition": 1, "modified": "2009-10-14T00:00:00", "published": "2009-10-14T00:00:00", "id": "SECURITYVULNS:VULN:10322", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10322", "title": "Samba multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1908-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nOctober 14th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : samba\r\nVulnerability : several\r\nProblem type : local/remote\r\nDebian-specific: no\r\nDebian bug : none\r\nCVE ID : CVE-2009-2948 CVE-2009-2906 CVE-2009-2813\r\n\r\nSeveral vulnerabilities have been discovered in samba, an implementation of\r\nthe SMB/CIFS protocol for Unix systems, providing support for cross-platform\r\nfile and printer sharing with other operating systems and more. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nThe mount.cifs utility is missing proper checks for file permissions when\r\nused in verbose mode. This allows local users to partly disclose the\r\ncontent of arbitrary files by specifying the file as credentials file and\r\nattempting to mount a samba share (CVE-2009-2948).\r\n\r\nA reply to an oplock break notification which samba doesn't expect could\r\nlead to the service getting stuck in an infinite loop. An attacker\r\ncan use this to perform denial of service attacks via a specially crafted\r\nSMB request (CVE-2009-2906).\r\n\r\nA lack of error handling in case no home diretory was configured/specified\r\nfor the user could lead to file disclosure. In case the automated [homes]\r\nshare is enabled or an explicit share is created with that username, samba\r\nfails to enforce sharing restrictions which results in an attacker being\r\nable to access the file system from the root directory (CVE-2009-2813).\r\n\r\n\r\nFor the oldstable distribution (etch), this problem will be fixed soon.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2:3.2.5-4lenny7.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2:3.4.2-1.\r\n\r\n\r\nWe recommend that you upgrade your samba packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.dsc\r\n Size/MD5 checksum: 1830 7cc3718e19bbad5aa7099889c6c503a5\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz\r\n Size/MD5 checksum: 50276407 0f7539e09803ae60a2912e70adf1c747\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.diff.gz\r\n Size/MD5 checksum: 235342 836141a1924843383cc385e544c933e5\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny7_all.deb\r\n Size/MD5 checksum: 7952438 630b57065388404b8a9fe3e9e111dc47\r\n http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb\r\n Size/MD5 checksum: 6252326 cded2ecbaa3fd39bd215dbb4ec666d4c\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 1945142 a6804ba408657cc4c89c80b0d6e4b8a4\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 1078442 0bedbb5cdb5ca36f52d2e1d1a6015804\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 3273896 082fdadedaf0234b97a8aefc1ef62d8a\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 2572542 ed15d1a7aa9c065986a8e896d63479e2\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 4830106 58ed5cd28d4c43d07195d013cf25553f\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 1461944 71adea7a3b47b65f8df4f3dc5efc4422\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 81488 d521efbda414cf6d4a588873442eb987\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 5730522 cca571adc80b833e7d9c45d5dd7fa103\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 637762 b526ea1ed9ca51d132a7685ec8320eea\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 1333234 36e35a3c252fabcfd2ec0ba8407323ca\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 3736262 9dc1a726efda21fa112ef2641c9b1f6a\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_alpha.deb\r\n Size/MD5 checksum: 6953202 b3e8de8b127bcd1f5dda4db61ed44b20\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 3274278 b732915df239ea1a9fff196250d6d383\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 1493684 460ed93756df58adfa57870d06c9aaff\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 627686 70379a8e6ce3b5d6de6af6b895d30619\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 3728204 ac7fb1f7d07628d0452d10e62b2d661d\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 1083940 5ca50cf6abd792b51e501f846f782231\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 5646144 09130baf353097710d6df8a6586875d7\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 1953358 e7c3f85d21b94e62baf0bc5849d8a7ed\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 80522 507bc24d176289793eadd28f4623e331\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 1358910 6ec7ccedec85f92e175b99c6abfb76ba\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 1995586 be70b626e522a6d10947717cc4dad784\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 7007462 b3a959d7475adb2d8aefc1d590690744\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_amd64.deb\r\n Size/MD5 checksum: 4775388 b2adb39f3d76b691a747126efd40452a\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 561128 0d9cc7d736f2ac3af0037fb0538885bb\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 2398710 a2a88432efcb034fad0cfc36130938f6\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 6177100 b465429510298d684d16f33d977ec1c3\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 3353238 d7e4a1fb9ecb639471baa485dc629653\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 79216 da72ebd5740459cd44c6d5735883f203\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 4267492 62425ac8d76f5879b900622026883d94\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 1315868 8b3019c57cfeeb28509ca96f7d0358fa\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 972222 1197d9bb33cfb181d99f03102b751cbf\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 5041464 6db94424b23399cf83de0ae1968efba0\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 1203924 f8a743cc5f4afb87f8b9cb883252c6f2\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 1817072 72fddd524748b9e9206c135e81c698dc\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_arm.deb\r\n Size/MD5 checksum: 2892294 b43b907010b9373ec7957a570d9a80ec\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 2910452 fd7f3ad0731784dccdc5b3b467513469\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 6214560 94dff8a518547e92fb165c02dae9baec\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 5070850 b4a9ac34be34928672ce800c899ac042\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 981922 ae00524832d05f9aa8c06686c9e4e461\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 1323868 be4570e7c8720bf0c756b4eac3cd3fe0\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 3372252 012baecc35e1becc8a07d81adc262d65\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 4294422 0c6add94f7e453817388fa9e529b82bd\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 2424800 db72d33ac4229f163053c1f4ea18480e\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 78816 d0ac45bb3404ac4fa9972bf47ec91cac\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 1823568 48f417418296b035f611572d4504ffbd\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 1210432 d58cf1719fc208e76cec7c28cb594da7\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_armel.deb\r\n Size/MD5 checksum: 564066 43f4da7801d6e972fae31ce287ded998\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 2067740 1f3465310bfa420ca5d3dca47fb61876\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 6687014 bd2920b6f871c5cfc573454993b99bd3\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 4653108 91139f0c545ded0f434912e577cc655b\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 1375386 2f9657458e85625ffa4f762df7ca9a87\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 80862 32248cce30e50a58171439955e8c1b31\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 5501106 2c9166906405f03cb05d509b871ee48b\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 3177446 f061d9d8f7e5276ff6f6bf98ecea456e\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 631654 1dd17d4d9edc8fc60707db89643a8aea\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 3610032 ea72fc29881895beab6c09e20dce4eb9\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 1046340 b118ec013c5588b8baaea5d1b0e920a8\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 2229186 b1f09642dd40089211dbaa22d9e234fd\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_hppa.deb\r\n Size/MD5 checksum: 1412786 3ffb5d639b595a3af2d1661439f7559d\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 984354 610ff7af9bdec786dc66dfc71e6d906d\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 2930762 16cc9438cc5a7bac68f842aaff01cb44\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 6302570 8508f2837d10ed9e791690764c887482\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 2081416 a97abc97a1ccbebc475cf94ab984fac0\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 561714 b61348ec0f3adb19990550cab9b7e40b\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 3405124 904fba778279f57af680c3a25d316c89\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 4295250 e783fb6625c27e5d4dbdf0b5072345db\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 78984 0a4c138021591e75544c95a70a79f5e4\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 5067188 9b7a2c22ef8ebab7db2da88e77d61607\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 1825116 d70821ed19cb8118f76529c844c967de\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 1199768 f33cfc38a35e53f9a278279d10cb9296\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_i386.deb\r\n Size/MD5 checksum: 1349920 a34c0d26610af3d6a5e8c0c9e35f6acf\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 4386438 ec0ed107b01d00462e6a4dd9fa914a6f\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 5832230 d73c656dac14065b3a1f13201510eb20\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 1724092 9b5c69cdc6911c755a8e6b12d048d1ba\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 84004 bc0fe8f98f03b5d665810cb5ade516e9\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 752072 c462e06b2ff50d6abbc6fa5ba6c14dba\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 1561116 91986263af0fd80f2a8d220e626ea4e9\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 8294752 bfea15cf71e6f3503e8601b7b7a51ff4\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 1939328 a3d3f802ed54267a93a61eed49d48b7e\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 2400926 961af2d58aeff2eb54b6316b56b0d71b\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 1280080 63385632efbd6d173e452b75ac295e7d\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 6933470 666a61b68183f3afc017cb3658d25049\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_ia64.deb\r\n Size/MD5 checksum: 3915410 a7ae5b73317aff391dbfffe447ee8958\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 2507514 c8d996cba28f6d76d187774f844b01aa\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 4203042 d48c2d45cd762dc2bad73ca9c089d3c9\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 572688 4c689c9090845e6784d96eafdd1d1dd5\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 1205342 92c7d350a6958c60b719dc1bca25e23c\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 3238756 9c2d7e67ffcb7f6f9010e2a4cf3e5e16\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 942044 b994c97405ec4963b68189a0ba00067b\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 4998666 1648dd4cfec7bc14cbd41320b44fbb16\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 2809438 f4ad77583575756d14629fd98c8166f5\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 79288 10a8cdeed703948d1dd5e836897558f1\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 2182258 5183531629f1c99dd71f253832bab233\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 5840974 cb82df1024f5c10770ac98afe89e48a3\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mips.deb\r\n Size/MD5 checksum: 1093592 8e55a6342da60f19c3c95a55a1d90164\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 2128338 f27eefe417a4831ed071ee2a34949e47\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 569280 584e1b162cb0452b814d34aa618d9b85\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 79204 69f192c04fa40eb5e2fc37c1cdb1b0ac\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 5801134 d3791aacacfcadd4caf909dd9b62fe31\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 1081720 b19e32963b224825b1f6335e28bc6d6b\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 2792976 e3d2772a8cf2274a26190043d0c9694a\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 2387806 e5f53727f8ccdca5bfb82efbd5601c7e\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 4967334 3dfdbd6e944b31808bb38bbe3ee3fe35\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 1196484 bc9d17cd36558e526efd2e3870f2b0e4\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 3219234 d4615fd079aecae1ed4753c4449aea75\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 4177874 10909deb34148f33c2a92ecb6cfd8c72\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mipsel.deb\r\n Size/MD5 checksum: 936880 1e742c0aa5a77a995fa174a9b02913c4\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 2988566 40620c503ca952eeeb73bde777a14435\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 6294542 feab7c9b74b13b06b6977d637623c728\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 2079372 4886a2d8d7664280dae64605c891996b\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 1712666 75b337ef8fb0e52f71cf2e9b18faa1d4\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 3423452 da023922a04344c534ee88e0e0292900\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 5187664 0ddd64379049fadd254da0045e04d307\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 595048 b08157624bc5ebe37b5a2c343649bb83\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 1333642 98613e2a5c876333295cc0aab31ad250\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 989426 e1b15a1a53be2bd09010c1dd0eeddcf8\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 1239864 1aafcfc867e23a3b84f58e29f5a4b163\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 4403350 c2b90fc3fb94dcd324f9da7a38a7c878\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_powerpc.deb\r\n Size/MD5 checksum: 80476 3ac690ddd20c773e1437d21572c37a2e\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 2061206 694599e2dae140a04c53be168ebbf163\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 1389672 25b0b8754be83bae0984de459f7cf319\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 641924 989f56ac5c323f74b34512dcf48412a0\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 1935682 032e63baf547b194e2af89da342be617\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 1258028 5884f69e4c3fc4567c8f2392b4cae88d\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 4740858 01348d4fe49f9f8b07eb98b77a447c4d\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 1056846 85573ee68987c713bf2abf1c676bcd6a\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 6706474 c2cd5c961d23f7ec513b2cb0efa469a8\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 5647644 c123e43888dace888b100f4d61cef627\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 80832 c96484d5c2588fb90a23df5869463554\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 3204582 0254ff9259bae547b7d8673124473e19\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_s390.deb\r\n Size/MD5 checksum: 3650302 0716bdcda1c0b080e30fbc2b4af03e6b\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 1202198 76ec9e4b183e72139b216321ef0dbc6f\r\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 975366 ce9edebb6cdbbfce4ed44dc376960d3a\r\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 4322338 398acf0f34e81b674ec8cf4149bf4534\r\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 2924672 52a6813bc6e557daa5f2ec523942ebcc\r\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 5116574 63e4f4faadf3223fdd904e546aab6a22\r\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 3372416 73b1333d568d87529e8d3072ebd4c509\r\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 581590 2dcac90d984a7b08083be093befa1472\r\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 1303976 731b1a1f9a65e1ec887c0fbdfcc867d3\r\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 1996180 13724133b88e237853164fedd89c356b\r\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 79152 1ffe88781e928339aa16c594f9f224f0\r\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 6172106 37c0d2de6d73127751cf1670ee468944\r\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_sparc.deb\r\n Size/MD5 checksum: 2020578 f161d329079cb0df6cbc30ed97191e15\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkrVMdkACgkQHYflSXNkfP9M2gCfYiJgY6BAzamJbQtFFmHVlahf\r\nbJ0AoIRB9v/za2CX4Oa7b55cwncVleN+\r\n=63e/\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-10-14T00:00:00", "published": "2009-10-14T00:00:00", "id": "SECURITYVULNS:DOC:22637", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22637", "title": "[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:18:31", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1908-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nOctober 14th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : samba\nVulnerability : several\nProblem type : local/remote\nDebian-specific: no\nDebian bug : none\nCVE ID : CVE-2009-2948 CVE-2009-2906 CVE-2009-2813\n\nSeveral vulnerabilities have been discovered in samba, an implementation of\nthe SMB/CIFS protocol for Unix systems, providing support for cross-platform\nfile and printer sharing with other operating systems and more. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nThe mount.cifs utility is missing proper checks for file permissions when\nused in verbose mode. This allows local users to partly disclose the\ncontent of arbitrary files by specifying the file as credentials file and\nattempting to mount a samba share (CVE-2009-2948).\n\nA reply to an oplock break notification which samba doesn't expect could\nlead to the service getting stuck in an infinite loop. An attacker\ncan use this to perform denial of service attacks via a specially crafted\nSMB request (CVE-2009-2906).\n\nA lack of error handling in case no home diretory was configured/specified\nfor the user could lead to file disclosure. In case the automated [homes]\nshare is enabled or an explicit share is created with that username, samba\nfails to enforce sharing restrictions which results in an attacker being\nable to access the file system from the root directory (CVE-2009-2813).\n\n\nFor the oldstable distribution (etch), this problem will be fixed soon.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2:3.2.5-4lenny7.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.4.2-1.\n\n\nWe recommend that you upgrade your samba packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.dsc\n Size/MD5 checksum: 1830 7cc3718e19bbad5aa7099889c6c503a5\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz\n Size/MD5 checksum: 50276407 0f7539e09803ae60a2912e70adf1c747\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.diff.gz\n Size/MD5 checksum: 235342 836141a1924843383cc385e544c933e5\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny7_all.deb\n Size/MD5 checksum: 7952438 630b57065388404b8a9fe3e9e111dc47\n http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb\n Size/MD5 checksum: 6252326 cded2ecbaa3fd39bd215dbb4ec666d4c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 1945142 a6804ba408657cc4c89c80b0d6e4b8a4\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 1078442 0bedbb5cdb5ca36f52d2e1d1a6015804\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 3273896 082fdadedaf0234b97a8aefc1ef62d8a\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 2572542 ed15d1a7aa9c065986a8e896d63479e2\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 4830106 58ed5cd28d4c43d07195d013cf25553f\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 1461944 71adea7a3b47b65f8df4f3dc5efc4422\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 81488 d521efbda414cf6d4a588873442eb987\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 5730522 cca571adc80b833e7d9c45d5dd7fa103\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 637762 b526ea1ed9ca51d132a7685ec8320eea\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 1333234 36e35a3c252fabcfd2ec0ba8407323ca\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 3736262 9dc1a726efda21fa112ef2641c9b1f6a\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_alpha.deb\n Size/MD5 checksum: 6953202 b3e8de8b127bcd1f5dda4db61ed44b20\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 3274278 b732915df239ea1a9fff196250d6d383\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 1493684 460ed93756df58adfa57870d06c9aaff\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 627686 70379a8e6ce3b5d6de6af6b895d30619\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 3728204 ac7fb1f7d07628d0452d10e62b2d661d\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 1083940 5ca50cf6abd792b51e501f846f782231\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 5646144 09130baf353097710d6df8a6586875d7\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 1953358 e7c3f85d21b94e62baf0bc5849d8a7ed\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 80522 507bc24d176289793eadd28f4623e331\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 1358910 6ec7ccedec85f92e175b99c6abfb76ba\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 1995586 be70b626e522a6d10947717cc4dad784\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 7007462 b3a959d7475adb2d8aefc1d590690744\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_amd64.deb\n Size/MD5 checksum: 4775388 b2adb39f3d76b691a747126efd40452a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 561128 0d9cc7d736f2ac3af0037fb0538885bb\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 2398710 a2a88432efcb034fad0cfc36130938f6\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 6177100 b465429510298d684d16f33d977ec1c3\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 3353238 d7e4a1fb9ecb639471baa485dc629653\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 79216 da72ebd5740459cd44c6d5735883f203\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 4267492 62425ac8d76f5879b900622026883d94\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 1315868 8b3019c57cfeeb28509ca96f7d0358fa\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 972222 1197d9bb33cfb181d99f03102b751cbf\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 5041464 6db94424b23399cf83de0ae1968efba0\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 1203924 f8a743cc5f4afb87f8b9cb883252c6f2\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 1817072 72fddd524748b9e9206c135e81c698dc\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_arm.deb\n Size/MD5 checksum: 2892294 b43b907010b9373ec7957a570d9a80ec\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 2910452 fd7f3ad0731784dccdc5b3b467513469\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 6214560 94dff8a518547e92fb165c02dae9baec\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 5070850 b4a9ac34be34928672ce800c899ac042\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 981922 ae00524832d05f9aa8c06686c9e4e461\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 1323868 be4570e7c8720bf0c756b4eac3cd3fe0\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 3372252 012baecc35e1becc8a07d81adc262d65\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 4294422 0c6add94f7e453817388fa9e529b82bd\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 2424800 db72d33ac4229f163053c1f4ea18480e\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 78816 d0ac45bb3404ac4fa9972bf47ec91cac\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 1823568 48f417418296b035f611572d4504ffbd\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 1210432 d58cf1719fc208e76cec7c28cb594da7\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_armel.deb\n Size/MD5 checksum: 564066 43f4da7801d6e972fae31ce287ded998\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 2067740 1f3465310bfa420ca5d3dca47fb61876\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 6687014 bd2920b6f871c5cfc573454993b99bd3\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 4653108 91139f0c545ded0f434912e577cc655b\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 1375386 2f9657458e85625ffa4f762df7ca9a87\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 80862 32248cce30e50a58171439955e8c1b31\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 5501106 2c9166906405f03cb05d509b871ee48b\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 3177446 f061d9d8f7e5276ff6f6bf98ecea456e\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 631654 1dd17d4d9edc8fc60707db89643a8aea\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 3610032 ea72fc29881895beab6c09e20dce4eb9\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 1046340 b118ec013c5588b8baaea5d1b0e920a8\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 2229186 b1f09642dd40089211dbaa22d9e234fd\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_hppa.deb\n Size/MD5 checksum: 1412786 3ffb5d639b595a3af2d1661439f7559d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 984354 610ff7af9bdec786dc66dfc71e6d906d\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 2930762 16cc9438cc5a7bac68f842aaff01cb44\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 6302570 8508f2837d10ed9e791690764c887482\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 2081416 a97abc97a1ccbebc475cf94ab984fac0\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 561714 b61348ec0f3adb19990550cab9b7e40b\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 3405124 904fba778279f57af680c3a25d316c89\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 4295250 e783fb6625c27e5d4dbdf0b5072345db\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 78984 0a4c138021591e75544c95a70a79f5e4\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 5067188 9b7a2c22ef8ebab7db2da88e77d61607\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 1825116 d70821ed19cb8118f76529c844c967de\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 1199768 f33cfc38a35e53f9a278279d10cb9296\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_i386.deb\n Size/MD5 checksum: 1349920 a34c0d26610af3d6a5e8c0c9e35f6acf\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 4386438 ec0ed107b01d00462e6a4dd9fa914a6f\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 5832230 d73c656dac14065b3a1f13201510eb20\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 1724092 9b5c69cdc6911c755a8e6b12d048d1ba\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 84004 bc0fe8f98f03b5d665810cb5ade516e9\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 752072 c462e06b2ff50d6abbc6fa5ba6c14dba\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 1561116 91986263af0fd80f2a8d220e626ea4e9\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 8294752 bfea15cf71e6f3503e8601b7b7a51ff4\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 1939328 a3d3f802ed54267a93a61eed49d48b7e\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 2400926 961af2d58aeff2eb54b6316b56b0d71b\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 1280080 63385632efbd6d173e452b75ac295e7d\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 6933470 666a61b68183f3afc017cb3658d25049\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_ia64.deb\n Size/MD5 checksum: 3915410 a7ae5b73317aff391dbfffe447ee8958\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 2507514 c8d996cba28f6d76d187774f844b01aa\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 4203042 d48c2d45cd762dc2bad73ca9c089d3c9\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 572688 4c689c9090845e6784d96eafdd1d1dd5\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 1205342 92c7d350a6958c60b719dc1bca25e23c\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 3238756 9c2d7e67ffcb7f6f9010e2a4cf3e5e16\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 942044 b994c97405ec4963b68189a0ba00067b\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 4998666 1648dd4cfec7bc14cbd41320b44fbb16\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 2809438 f4ad77583575756d14629fd98c8166f5\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 79288 10a8cdeed703948d1dd5e836897558f1\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 2182258 5183531629f1c99dd71f253832bab233\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 5840974 cb82df1024f5c10770ac98afe89e48a3\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mips.deb\n Size/MD5 checksum: 1093592 8e55a6342da60f19c3c95a55a1d90164\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 2128338 f27eefe417a4831ed071ee2a34949e47\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 569280 584e1b162cb0452b814d34aa618d9b85\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 79204 69f192c04fa40eb5e2fc37c1cdb1b0ac\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 5801134 d3791aacacfcadd4caf909dd9b62fe31\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 1081720 b19e32963b224825b1f6335e28bc6d6b\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 2792976 e3d2772a8cf2274a26190043d0c9694a\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 2387806 e5f53727f8ccdca5bfb82efbd5601c7e\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 4967334 3dfdbd6e944b31808bb38bbe3ee3fe35\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 1196484 bc9d17cd36558e526efd2e3870f2b0e4\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 3219234 d4615fd079aecae1ed4753c4449aea75\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 4177874 10909deb34148f33c2a92ecb6cfd8c72\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mipsel.deb\n Size/MD5 checksum: 936880 1e742c0aa5a77a995fa174a9b02913c4\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 2988566 40620c503ca952eeeb73bde777a14435\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 6294542 feab7c9b74b13b06b6977d637623c728\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 2079372 4886a2d8d7664280dae64605c891996b\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 1712666 75b337ef8fb0e52f71cf2e9b18faa1d4\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 3423452 da023922a04344c534ee88e0e0292900\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 5187664 0ddd64379049fadd254da0045e04d307\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 595048 b08157624bc5ebe37b5a2c343649bb83\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 1333642 98613e2a5c876333295cc0aab31ad250\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 989426 e1b15a1a53be2bd09010c1dd0eeddcf8\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 1239864 1aafcfc867e23a3b84f58e29f5a4b163\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 4403350 c2b90fc3fb94dcd324f9da7a38a7c878\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_powerpc.deb\n Size/MD5 checksum: 80476 3ac690ddd20c773e1437d21572c37a2e\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 2061206 694599e2dae140a04c53be168ebbf163\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 1389672 25b0b8754be83bae0984de459f7cf319\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 641924 989f56ac5c323f74b34512dcf48412a0\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 1935682 032e63baf547b194e2af89da342be617\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 1258028 5884f69e4c3fc4567c8f2392b4cae88d\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 4740858 01348d4fe49f9f8b07eb98b77a447c4d\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 1056846 85573ee68987c713bf2abf1c676bcd6a\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 6706474 c2cd5c961d23f7ec513b2cb0efa469a8\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 5647644 c123e43888dace888b100f4d61cef627\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 80832 c96484d5c2588fb90a23df5869463554\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 3204582 0254ff9259bae547b7d8673124473e19\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_s390.deb\n Size/MD5 checksum: 3650302 0716bdcda1c0b080e30fbc2b4af03e6b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 1202198 76ec9e4b183e72139b216321ef0dbc6f\n http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 975366 ce9edebb6cdbbfce4ed44dc376960d3a\n http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 4322338 398acf0f34e81b674ec8cf4149bf4534\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 2924672 52a6813bc6e557daa5f2ec523942ebcc\n http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 5116574 63e4f4faadf3223fdd904e546aab6a22\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 3372416 73b1333d568d87529e8d3072ebd4c509\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 581590 2dcac90d984a7b08083be093befa1472\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 1303976 731b1a1f9a65e1ec887c0fbdfcc867d3\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 1996180 13724133b88e237853164fedd89c356b\n http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 79152 1ffe88781e928339aa16c594f9f224f0\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 6172106 37c0d2de6d73127751cf1670ee468944\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_sparc.deb\n Size/MD5 checksum: 2020578 f161d329079cb0df6cbc30ed97191e15\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-10-14T02:10:44", "published": "2009-10-14T02:10:44", "id": "DEBIAN:DSA-1908-1:D4D84", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00230.html", "title": "[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2009-10-03T18:59:38", "published": "2009-10-03T18:59:38", "id": "FEDORA:1864F10F86A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: samba-3.4.2-0.42.fc11", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948", "CVE-2009-3297"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2010-01-29T03:24:41", "published": "2010-01-29T03:24:41", "id": "FEDORA:A8F9D10F940", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: samba-3.4.5-0.47.fc11", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948", "CVE-2009-3297", "CVE-2010-0728"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2010-03-10T06:46:46", "published": "2010-03-10T06:46:46", "id": "FEDORA:1818C11130D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: samba-3.4.7-0.50.fc11", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4314", "CVE-2009-0022", "CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2009-10-03T18:57:48", "published": "2009-10-03T18:57:48", "id": "FEDORA:C969A10F7EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: samba-3.2.15-0.36.fc10", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:34:29", "description": "BUGTRAQ ID: 36573\r\nCVE ID: CVE-2009-2906\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\n\u5982\u679c\u5ba2\u6237\u7aef\u5411Samba\u670d\u52a1\u5668\u53d1\u9001\u4e86\u975e\u9884\u671f\u7684oplock\u6682\u505c\u901a\u77e5\u56de\u590d\u7684\u8bdd\uff0csmbd\u5c31\u4f1a\u53cd\u590d\u5bf9CPU\u8fdb\u884c\u65cb\u8f6c\uff08spin\uff09\uff0c\u5c1d\u8bd5\u5904\u7406\u8be5\u62a5\u6587\uff0c\u4f46\u65e0\u6cd5\u5b8c\u6210\u5904\u7406\u3002\u8fd9\u662f\u4e00\u79cd\u62d2\u7edd\u670d\u52a1\u7684\u60c5\u51b5\u3002\n\nSamba Samba 3.4\r\nSamba Samba 3.2\r\nSamba Samba 3.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.0.37.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.2.15.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.4.2.tar.gz", "published": "2009-10-12T00:00:00", "title": "Samba Oplock\u6682\u505c\u901a\u77e5\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2906"], "modified": "2009-10-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12453", "id": "SSV:12453", "sourceData": "", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:34:28", "description": "BUGTRAQ ID: 36572\r\nCVE ID: CVE-2009-2948\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nmount.cifs\u7a0b\u5e8f\u5141\u8bb8\u7528\u6237\u901a\u8fc7\u4e0d\u540c\u7684\u65b9\u5f0f\u4f20\u9001\u51ed\u636e\u6587\u4ef6\u7684\u540d\u79f0\u6216\u5305\u542b\u6709\u53e3\u4ee4\u7684\u6587\u4ef6\u3002\u5982\u679c\u5b89\u88c5\u4e3asetuid\u7a0b\u5e8f\uff0cmount.cifs\u6ca1\u6709\u5224\u65ad\u8bd5\u56fe\u8bbf\u95ee\u8be5\u6587\u4ef6\u7684\u7528\u6237\u662f\u5426\u62e5\u6709root\u7528\u6237\u6743\u9650\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528--verbose\u6216-v\u9009\u9879\uff0c\u5411mount.cifs\u4f20\u9001\u51ed\u636e\u6587\u4ef6\uff0c\u7136\u540e\u8bfb\u53d6\u6240\u4f20\u9001\u53e3\u4ee4\u7684\u7b2c\u4e00\u884c\u3002\n\nSamba Samba 3.4\r\nSamba Samba 3.3\r\nSamba Samba 3.2\r\nSamba Samba 3.0\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u6e05\u9664mount.cifs\u7684setuid\u4f4d\uff1a\r\n\r\n # chmod u-s /sbin/mount.cifs\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.0.37.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.2.15.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.3.8.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.4.2.tar.gz", "published": "2009-10-12T00:00:00", "title": "Samba setuid mount.cifs\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2948"], "modified": "2009-10-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12452", "id": "SSV:12452", "sourceData": "", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:34:38", "description": "BUGTRAQ ID: 36363\r\nCVE ID: CVE-2009-2813\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\n\u5982\u679c/etc/passwd\u4e2d\u7684\u7528\u6237\u9519\u8bef\u7684\u914d\u7f6e\u4e3a\u62e5\u6709\u7a7a\u7684\u4e3b\u76ee\u5f55\uff08::\uff09\u4e14\u542f\u7528\u4e86\u81ea\u52a8[homes]\u5171\u4eab\uff0c\u6216\u7528\u8be5\u7528\u6237\u540d\u521b\u5efa\u4e86\u660e\u786e\u7684\u5171\u4eab\uff0c\u5219\u4efb\u4f55\u8fde\u63a5\u5230\u8be5\u5171\u4eab\u540d\u7684\u5ba2\u6237\u7aef\u90fd\u53ef\u4ee5\u8bbf\u95eeroot\uff08/\uff09\u4e4b\u4e0b\u7684\u6574\u4e2a\u6587\u4ef6\u7cfb\u7edf\u3002\n\nSamba Samba 3.4\r\nSamba Samba 3.3\r\nSamba Samba 3.2\r\nSamba Samba 3.0\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4e0d\u8981\u5bf9/etc/passwd\u4e2d\u7684\u7528\u6237\u914d\u7f6e\u7a7a\u7684\u4e3b\u76ee\u5f55\u5b57\u7b26\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.0.37.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.2.15.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.3.8.tar.gz\r\nhttp://www.samba.org/samba/ftp/stable/samba-3.4.2.tar.gz", "published": "2009-10-12T00:00:00", "title": "Samba\u9519\u8bef\u914d\u7f6e/etc/passwd\u6587\u4ef6\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2813"], "modified": "2009-10-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12451", "id": "SSV:12451", "sourceData": "", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "samba": [{"lastseen": "2020-12-24T13:21:01", "bulletinFamily": "software", "cvelist": ["CVE-2009-2906"], "description": "Smbd is susceptible to a remote DoS attack by an authenticated remote client.\nIf the client sends a reply to an oplock break notification that Samba does not expect it can cause smbd to spin the CPU repeatedly trying to process the unexpected packet and being unable to finish the processing. This is unlikely to happen with normal client activity (although not impossible).", "edition": 5, "modified": "2009-10-01T00:00:00", "published": "2009-10-01T00:00:00", "id": "SAMBA:CVE-2009-2906", "href": "https://www.samba.org/samba/security/CVE-2009-2906.html", "title": "Remote DoS against smbd on authenticated connections ", "type": "samba", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-24T13:21:01", "bulletinFamily": "software", "cvelist": ["CVE-2009-1888"], "description": "The smbd daemon in Samba 3.0.31 - 3.3.5 contains an uninitialized read of a data value that can potentially affect access control. If a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter \"dos filemode\" is set to \"yes\" in the smb.conf and the user already has write access to the file. The error occurs in checking that the user has write access. Uninitialized memory is read instead of the values in the 'stat' struct of the file.\nAn attack would be difficult to script by an attacker, as the attacker would need to find a reproducible case to ensure previously used stack memory had the correct values to trigger the bug. In addition, the server would have to have been configured with \"dos filemode = yes\" in the smb.conf.", "edition": 5, "modified": "2009-06-23T00:00:00", "published": "2009-06-23T00:00:00", "id": "SAMBA:CVE-2009-1888", "href": "https://www.samba.org/samba/security/CVE-2009-1888.html", "title": "Uninitialized read of a data value ", "type": "samba", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-24T13:21:01", "bulletinFamily": "software", "cvelist": ["CVE-2009-2948"], "description": "The mount.cifs program allows a user to pass in the name of a credentials file or a file containing a password via several different means. When installed as a setuid program, it does not check to see whether the user would have had access to this file prior to gaining root privileges.\nAlso, when run with the --verbose or -v options, it would print the value of the password being handed off to the kernel.", "edition": 5, "modified": "2009-10-01T00:00:00", "published": "2009-10-01T00:00:00", "id": "SAMBA:CVE-2009-2948", "href": "https://www.samba.org/samba/security/CVE-2009-2948.html", "title": "Information disclosure by setuid mount.cifs ", "type": "samba", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-24T13:21:01", "bulletinFamily": "software", "cvelist": ["CVE-2009-2813"], "description": "If a user in /etc/passwd is misconfigured to have an empty home directory (::) and the automated [homes] share is enabled, or an explicit share is created with that username, then any client connecting to that share name will be able to access the whole filesystem from root (/) on downwards, subject to local file system permissions applied to the connecting user.", "edition": 5, "modified": "2009-10-01T00:00:00", "published": "2009-10-01T00:00:00", "id": "SAMBA:CVE-2009-2813", "href": "https://www.samba.org/samba/security/CVE-2009-2813.html", "title": "Misconfigured /etc/passwd file may share folders unexpectedly ", "type": "samba", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}]}
