7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.037 Low
EPSS
Percentile
91.7%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.703548");
script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118");
script_tag(name:"creation_date", value:"2016-04-12 22:00:00 +0000 (Tue, 12 Apr 2016)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-04-13 13:58:43 +0000 (Wed, 13 Apr 2016)");
script_name("Debian: Security Advisory (DSA-3548-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(7|8)");
script_xref(name:"Advisory-ID", value:"DSA-3548-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2016/DSA-3548-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-3548");
script_xref(name:"URL", value:"https://www.samba.org/samba/latest_news.html#4.4.2");
script_xref(name:"URL", value:"https://www.samba.org/samba/history/samba-4.2.0.html");
script_xref(name:"URL", value:"https://www.samba.org/samba/history/samba-4.2.10.html");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-3548-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-5370
Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks.
CVE-2016-2110
Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.
CVE-2016-2111
When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same vulnerability as CVE-2015-0005 for Windows, discovered by Alberto Solino from Core Security.
CVE-2016-2112
Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can downgrade LDAP connections to avoid integrity protection.
CVE-2016-2113
Stefan Metzmacher of SerNet and the Samba Team discovered that man-in-the-middle attacks are possible for client triggered LDAP connections and ncacn_http connections.
CVE-2016-2114
Stefan Metzmacher of SerNet and the Samba Team discovered that Samba does not enforce required smb signing even if explicitly configured.
CVE-2016-2115
Stefan Metzmacher of SerNet and the Samba Team discovered that SMB connections for IPC traffic are not integrity-protected.
CVE-2016-2118
Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can intercept any DCERPC traffic between a client and a server in order to impersonate the client and obtain the same privileges as the authenticated user account.
For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected by CVE-2016-2113 and CVE-2016-2114.
For the stable distribution (jessie), these problems have been fixed in version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading to the new upstream version 4.2.10, which includes additional changes and bugfixes. The depending libraries ldb, talloc, tdb and tevent required as well an update to new upstream versions for this update.
For the unstable distribution (sid), these problems have been fixed in version 2:4.3.7+dfsg-1.
Please refer to
[link moved to references]
[link moved to references]
[link moved to references]
for further details (in particular for new options and defaults).
We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat), Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE) for the massive backporting work required to support Samba 3.6 and Samba 4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent for their help in preparing updates of Samba and the underlying infrastructure libraries.
We recommend that you upgrade your samba packages.");
script_tag(name:"affected", value:"'samba' package(s) on Debian 7, Debian 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"libnss-winbind", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-smbpass", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-winbind", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libsmbclient", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libsmbclient-dev", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwbclient-dev", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwbclient0", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-common", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-common-bin", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-dbg", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-doc", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-doc-pdf", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-tools", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"smbclient", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"swat", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"winbind", ver:"2:3.6.6-6+deb7u9", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB8") {
if(!isnull(res = isdpkgvuln(pkg:"ctdb", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libnss-winbind", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-smbpass", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-winbind", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libparse-pidl-perl", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libsmbclient", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libsmbclient-dev", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwbclient-dev", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwbclient0", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-samba", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"registry-tools", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-common", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-common-bin", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-dbg", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-dev", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-doc", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-dsdb-modules", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-libs", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-testsuite", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"samba-vfs-modules", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"smbclient", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"winbind", ver:"2:4.2.10+dfsg-0+deb8u1", rls:"DEB8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.037 Low
EPSS
Percentile
91.7%