Lucene search

Ubuntu: Security Advisory (USN-4244-1)

Ubuntu: Security Advisory (USN-4244-1) The 'samba' package on Ubuntu has security vulnerability

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 127
Tenable Nessus	Samba 4.x < 4.9.18 / 4.10.x < 4.10.12 / 4.11.x < 4.11.5 Multiple Vulnerabilities	24 Jan 202000:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:0223-1)	27 Jan 202000:00	–	nessus
Tenable Nessus	openSUSE Security Update : samba (openSUSE-2020-122)	30 Jan 202000:00	–	nessus
Tenable Nessus	Fedora 30 : 2:samba (2020-f92cd0e72b)	10 Feb 202000:00	–	nessus
Tenable Nessus	FreeBSD : samba -- multiple vulnerabilities (5f0dd349-40a2-11ea-8d8c-005056a311d1)	27 Jan 202000:00	–	nessus
Tenable Nessus	Fedora 31 : 2:samba (2020-6bd386c7eb)	3 Feb 202000:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerabilities (USN-4244-1)	22 Jan 202000:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:0224-1)	27 Jan 202000:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : samba (EulerOS-SA-2020-1341)	2 Apr 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1179)	25 Feb 202000:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/notices/USN-4244-1

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.844301");
  script_cve_id("CVE-2019-14902", "CVE-2019-14907", "CVE-2019-19344");
  script_tag(name:"creation_date", value:"2020-01-22 04:00:35 +0000 (Wed, 22 Jan 2020)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-01-29 17:39:45 +0000 (Wed, 29 Jan 2020)");

  script_name("Ubuntu: Security Advisory (USN-4244-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|19\.04|19\.10)");

  script_xref(name:"Advisory-ID", value:"USN-4244-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4244-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'samba' package(s) announced via the USN-4244-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"It was discovered that Samba did not automatically replicate ACLs set to
inherit down a subtree on AD Directory, contrary to expectations. This
issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-14902)

Robert Swiecki discovered that Samba incorrectly handled certain character
conversions when the log level is set to 3 or above. In certain
environments, a remote attacker could possibly use this issue to cause
Samba to crash, resulting in a denial of service. (CVE-2019-14907)

Christian Naumer discovered that Samba incorrectly handled DNS zone
scavenging. This issue could possibly result in some incorrect data being
written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-19344)");

  script_tag(name:"affected", value:"'samba' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04, Ubuntu 19.10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU16.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:4.3.11+dfsg-0ubuntu0.16.04.25", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU18.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:4.7.6+dfsg~ubuntu-0ubuntu2.15", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU19.04") {

  if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:4.10.0+dfsg-0ubuntu2.8", rls:"UBUNTU19.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU19.10") {

  if(!isnull(res = isdpkgvuln(pkg:"samba", ver:"2:4.10.7+dfsg-0ubuntu2.4", rls:"UBUNTU19.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Jan 2020 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS24

CVSS36.5

EPSS0.05927