CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
2012-07-30T00:00:00
ID: OPENVAS:1361412562310881285
Type: openvas
Reporter: Copyright (c) 2012 Greenbone Networks GmbH
Modified: 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-September/017967.html");
  script_oid("1.3.6.1.4.1.25623.1.0.881285");
  script_version("$Revision: 14222 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");
  script_tag(name:"creation_date", value:"2012-07-30 17:18:06 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", "CVE-2011-2522",
                "CVE-2011-2694");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name:"CESA", value:"2011:1219");
  script_name("CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'libsmbclient'
package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
  script_tag(name:"affected", value:"libsmbclient on CentOS 5");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"Samba is a suite of programs used by machines to share files, printers, and
other information.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the SWAT interface, into visiting a specially-crafted
URL, the attacker could perform Samba configuration changes with the
privileges of the logged in user. (CVE-2011-2522)

A race condition flaw was found in the way the mount.cifs tool mounted CIFS
(Common Internet File System) shares. If mount.cifs had the setuid bit set,
a local attacker could conduct a symbolic link attack to trick mount.cifs
into mounting a share over an arbitrary directory they were otherwise not
allowed to mount to, possibly allowing them to escalate their privileges.
(CVE-2010-0787)

It was found that the mount.cifs tool did not properly handle share or
directory names containing a newline character. If mount.cifs had the
setuid bit set, a local attacker could corrupt the mtab (mounted file
systems table) file via a specially-crafted CIFS share mount request.
(CVE-2010-0547)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba packages distributed by Red Hat does not
have the setuid bit set. We recommend that administrators do not manually
set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694
and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,
and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges
Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of
CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter
of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers
as the original reporter of CVE-2010-0787.

Users of Samba are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the smb service will be restarted automatically.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Release identifier of the scanned host; stop if it could not be determined.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS5")
{
  # Each check compares the installed package against the fixed build
  # 3.0.33-3.29.el5_7.4 and reports the first one found to be older.
  if ((res = isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libsmbclient-devel", rpm:"libsmbclient-devel~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"samba", rpm:"samba~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.33~3.29.el5_7.4", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # A listed package was installed and none was older than the fix: not vulnerable.
  if (__pkg_match) exit(99);
  exit(0);
}
{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881388", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-August/017709.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881388\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:39:58 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1219\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"samba on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool 
(SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. 
Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "Check for the Version of libsmbclient", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881285", "href": "http://plugins.openvas.org/nasl.php?oid=881285", "type": "openvas", "title": "CentOS Update for libsmbclient 
CESA-2011:1219 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. 
(CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017967.html\");\n script_id(881285);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:18:06 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\",\n \"CVE-2011-2694\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "Check for the Version of samba", "modified": "2017-07-10T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:880969", "href": "http://plugins.openvas.org/nasl.php?oid=880969", "type": "openvas", "title": "CentOS Update for samba CESA-2011:1219 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba CESA-2011:1219 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. 
If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing this\n update, the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"samba on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017708.html\");\n script_id(880969);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for samba CESA-2011:1219 centos4 i386\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", 
rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:1361412562310870477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870477", "type": "openvas", "title": "RedHat Update for samba RHSA-2011:1219-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2011:1219-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870477\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1219-01\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"RedHat Update for samba RHSA-2011:1219-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(5|4)\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n\n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n\n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n\n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n\n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. 
If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n\n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n\n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522, the Debian Security Team for reporting CVE-2010-0787,\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694, Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522, and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "Check for the Version of samba", "modified": "2017-07-12T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:870477", "href": "http://plugins.openvas.org/nasl.php?oid=870477", "type": "openvas", "title": "RedHat Update for samba RHSA-2011:1219-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba 
RHSA-2011:1219-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. 
If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"samba on Red Hat Enterprise Linux (v. 
5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00021.html\");\n script_id(870477);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:58:04 +0200 (Wed, 07 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1219-01\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"RedHat Update for samba RHSA-2011:1219-01\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", 
rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~0.34.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2017-07-25T10:55:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "Check for the Version of libsmbclient", "modified": "2017-07-10T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:880981", "href": "http://plugins.openvas.org/nasl.php?oid=880981", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2011:1219 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is a suite of programs used by machines to share files, printers, and\n other information.\n\n A cross-site scripting (XSS) flaw was found in the password change page of\n the Samba Web Administration Tool (SWAT). 
If a remote attacker could trick\n a user, who was logged into the SWAT interface, into visiting a\n specially-crafted URL, it would lead to arbitrary web script execution in\n the context of the user's SWAT session. (CVE-2011-2694)\n \n It was found that SWAT web pages did not protect against Cross-Site\n Request Forgery (CSRF) attacks. If a remote attacker could trick a user,\n who was logged into the SWAT interface, into visiting a specially-crafted\n URL, the attacker could perform Samba configuration changes with the\n privileges of the logged in user. (CVE-2011-2522)\n \n A race condition flaw was found in the way the mount.cifs tool mounted CIFS\n (Common Internet File System) shares. If mount.cifs had the setuid bit set,\n a local attacker could conduct a symbolic link attack to trick mount.cifs\n into mounting a share over an arbitrary directory they were otherwise not\n allowed to mount to, possibly allowing them to escalate their privileges.\n (CVE-2010-0787)\n \n It was found that the mount.cifs tool did not properly handle share or\n directory names containing a newline character. If mount.cifs had the\n setuid bit set, a local attacker could corrupt the mtab (mounted file\n systems table) file via a specially-crafted CIFS share mount request.\n (CVE-2010-0547)\n \n It was found that the mount.cifs tool did not handle certain errors\n correctly when updating the mtab file. If mount.cifs had the setuid bit\n set, a local attacker could corrupt the mtab file by setting a small file\n size limit before running mount.cifs. (CVE-2011-1678)\n \n Note: mount.cifs from the samba packages distributed by Red Hat does not\n have the setuid bit set. We recommend that administrators do not manually\n set the setuid bit for mount.cifs.\n \n Red Hat would like to thank the Samba project for reporting CVE-2011-2694\n and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\n and Dan Rosenberg for reporting CVE-2011-1678. 
Upstream acknowledges\n Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\n CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\n of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\n as the original reporter of CVE-2010-0787.\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. After installing this\n update, the smb service will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017966.html\");\n script_id(880981);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1219\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n script_name(\"CentOS Update for libsmbclient CESA-2011:1219 centos5 i386\");\n\n script_summary(\"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "Oracle Linux Local Security Checks ELSA-2011-1219", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122100", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
ELSA-2011-1219.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122100\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1219\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1219 - samba security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1219\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1219.html\");\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.29.el5_7.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:45:58", "description": "Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. 
If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61123);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) 
flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3574\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28eeef62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:15", "description": "Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). 
If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. 
Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.", "edition": 28, "published": "2011-08-30T00:00:00", "title": "CentOS 4 / 5 : samba (CESA-2011:1219)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2011-08-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-common", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/55997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1219 and \n# CentOS Errata and Security Advisory 2011:1219 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55997);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"CentOS 4 / 5 : samba (CESA-2011:1219)\");\n script_summary(english:\"Checks 
rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. 
If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6da8e78\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-August/017709.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d50dd8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017966.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe52cf92\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017967.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74ab0647\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29bfd921\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000137.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b1868b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the 
continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:13", "description": "From Red Hat Security Advisory 2011:1219 :\n\nUpdated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. 
If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. 
as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : samba (ELSA-2011-1219)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba-common", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:samba-client", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:libsmbclient-devel"], "id": "ORACLELINUX_ELSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/68335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1219 and \n# Oracle Linux Security Advisory ELSA-2011-1219 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68335);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"Oracle Linux 4 / 5 : samba (ELSA-2011-1219)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing 
one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1219 :\n\nUpdated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. 
If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002317.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", 
reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:44", "description": "Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. 
(CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.", "edition": 28, "published": "2011-08-30T00:00:00", "title": "RHEL 4 / 5 : samba (RHSA-2011:1219)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2011-08-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2011-1219.NASL", "href": "https://www.tenable.com/plugins/nessus/55999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1219. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55999);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2010-0787\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-3585\");\n script_bugtraq_id(37992);\n script_xref(name:\"RHSA\", value:\"2011:1219\");\n\n script_name(english:\"RHEL 4 / 5 : samba (RHSA-2011:1219)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. 
(CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted\nCIFS (Common Internet File System) shares. If mount.cifs had the\nsetuid bit set, a local attacker could conduct a symbolic link attack\nto trick mount.cifs into mounting a share over an arbitrary directory\nthey were otherwise not allowed to mount to, possibly allowing them to\nescalate their privileges. (CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522; the Debian Security Team for\nreporting CVE-2010-0787; and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694;\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522; and the Debian Security Team acknowledges Ronald\nVolgers as the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1219\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1219\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-3.0.33-0.34.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-client-3.0.33-0.34.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-common-3.0.33-0.34.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-swat-3.0.33-0.34.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.29.el5_7.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:15", "description": "Updated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. 
If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.", "edition": 27, "published": "2011-09-23T00:00:00", "title": "CentOS 5 : samba3x (CESA-2011:1220)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2011-09-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba3x-doc", "p-cpe:/a:centos:centos:samba3x-client", "p-cpe:/a:centos:centos:samba3x-swat", "p-cpe:/a:centos:centos:samba3x-common", "p-cpe:/a:centos:centos:samba3x-winbind", "p-cpe:/a:centos:centos:samba3x", "p-cpe:/a:centos:centos:samba3x-winbind-devel", "p-cpe:/a:centos:centos:samba3x-domainjoin-gui", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1220.NASL", "href": "https://www.tenable.com/plugins/nessus/56272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1220 and \n# CentOS Errata and Security Advisory 2011:1220 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56272);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n script_xref(name:\"RHSA\", value:\"2011:1220\");\n\n script_name(english:\"CentOS 5 : samba3x (CESA-2011:1220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as 
having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. 
We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017970.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8ce0973\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-September/017971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36d07a6a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d51ee4c3\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000141.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?688950e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x 
/ samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:13", "description": "From Red Hat Security Advisory 2011:1220 :\n\nUpdated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. 
If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthis update, the smb service will be restarted automatically.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : samba3x (ELSA-2011-1220)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba3x-common", "p-cpe:/a:oracle:linux:samba3x-domainjoin-gui", "p-cpe:/a:oracle:linux:samba3x-winbind-devel", "p-cpe:/a:oracle:linux:samba3x-doc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:samba3x", "p-cpe:/a:oracle:linux:samba3x-winbind", "p-cpe:/a:oracle:linux:samba3x-swat", "p-cpe:/a:oracle:linux:samba3x-client"], "id": "ORACLELINUX_ELSA-2011-1220.NASL", "href": "https://www.tenable.com/plugins/nessus/68336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1220 and \n# Oracle Linux Security Advisory ELSA-2011-1220 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(68336);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n script_xref(name:\"RHSA\", value:\"2011:1220\");\n\n script_name(english:\"Oracle Linux 5 : samba3x (ELSA-2011-1220)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1220 :\n\nUpdated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. 
(CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002318.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", 
reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:58", "description": "Samba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Scientific Linux 6,\nwas incomplete. The mount.cifs tool did not properly handle share or\ndirectory names containing a newline character, allowing a local\nattacker to corrupt the mtab (mounted file systems table) file via a\nspecially crafted CIFS share mount request, if mount.cifs had the\nsetuid bit set. 
(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bug :\n\n - If plain text passwords were used ('encrypt passwords =\n no' in '/etc/samba/smb.conf'), Samba clients running the\n Windows XP or Windows Server 2003 operating system may\n not have been able to access Samba shares after\n installing the Microsoft Security Bulletin MS11-043.\n This update corrects this issue, allowing such clients\n to use plain text passwords to access Samba shares.\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba and cifs-utils on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA_AND_CIFS_UTILS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61122);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n\n script_name(english:\"Scientific Linux Security Update : samba and cifs-utils on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Scientific Linux 6,\nwas incomplete. The mount.cifs tool did not properly handle share or\ndirectory names containing a newline character, allowing a local\nattacker to corrupt the mtab (mounted file systems table) file via a\nspecially crafted CIFS share mount request, if mount.cifs had the\nsetuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. 
If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nThis update also fixes the following bug :\n\n - If plain text passwords were used ('encrypt passwords =\n no' in '/etc/samba/smb.conf'), Samba clients running the\n Windows XP or Windows Server 2003 operating system may\n not have been able to access Samba shares after\n installing the Microsoft Security Bulletin MS11-043.\n This update corrects this issue, allowing such clients\n to use plain text passwords to access Samba shares.\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3436\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0c71f5d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"cifs-utils-debuginfo-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"samba-winbind-clients-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:44", "description": "Updated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. 
The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.", "edition": 28, "published": "2011-08-30T00:00:00", "title": "RHEL 5 : samba3x (RHSA-2011:1220)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2011-08-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:samba3x", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel"], "id": "REDHAT-RHSA-2011-1220.NASL", "href": "https://www.tenable.com/plugins/nessus/56000", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1220. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56000);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n script_xref(name:\"RHSA\", value:\"2011:1220\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2011:1220)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba3x packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. 
(CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba\nrebase in RHBA-2011:0054, was incomplete. The mount.cifs tool did not\nproperly handle share or directory names containing a newline\ncharacter, allowing a local attacker to corrupt the mtab (mounted file\nsystems table) file via a specially crafted CIFS (Common Internet File\nSystem) share mount request, if mount.cifs had the setuid bit set.\n(CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1220\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1220\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:58", "description": "Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). 
If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547 was incomplete. The\nmount.cifs tool did not properly handle share or directory names\ncontaining a newline character, allowing a local attacker to corrupt\nthe mtab (mounted file systems table) file via a specially crafted\nCIFS (Common Internet File System) share mount request, if mount.cifs\nhad the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110829_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61121);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. 
If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547 was incomplete. The\nmount.cifs tool did not properly handle share or directory names\ncontaining a newline character, allowing a local attacker to corrupt\nthe mtab (mounted file systems table) file via a specially crafted\nCIFS (Common Internet File System) share mount request, if mount.cifs\nhad the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Scientific\nLinux does not have the setuid bit set. We recommend that\nadministrators do not manually set the setuid bit for mount.cifs.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=3703\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa1c9467\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"samba3x-client-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.5.4-0.83.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.5.4-0.83.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:13", "description": "From Red Hat Security Advisory 2011:1221 :\n\nUpdated samba and cifs-utils packages that fix multiple security\nissues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). 
If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Red Hat Enterprise\nLinux 6, was incomplete. The mount.cifs tool did not properly handle\nshare or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file\nvia a specially crafted CIFS share mount request, if mount.cifs had\nthe setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat\ndoes not have the setuid bit set. We recommend that administrators do\nnot manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. 
as the original reporter of\nCVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in\n'/etc/samba/smb.conf'), Samba clients running the Windows XP or\nWindows Server 2003 operating system may not have been able to access\nSamba shares after installing the Microsoft Security Bulletin\nMS11-043. This update corrects this issue, allowing such clients to\nuse plain text passwords to access Samba shares. (BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : cifs-utils / samba (ELSA-2011-1221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-3585", "CVE-2011-2522", "CVE-2011-2694"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-doc", "p-cpe:/a:oracle:linux:samba-domainjoin-gui", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:cifs-utils", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba-winbind-devel"], "id": "ORACLELINUX_ELSA-2011-1221.NASL", "href": "https://www.tenable.com/plugins/nessus/68337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1221 and \n# Oracle Linux Security Advisory ELSA-2011-1221 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68337);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-0547\", \"CVE-2011-1678\", \"CVE-2011-2522\", \"CVE-2011-2694\", \"CVE-2011-2724\", \"CVE-2011-3585\");\n script_xref(name:\"RHSA\", value:\"2011:1221\");\n\n script_name(english:\"Oracle Linux 6 : cifs-utils / samba (ELSA-2011-1221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1221 :\n\nUpdated samba and cifs-utils packages that fix multiple security\nissues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information. The cifs-utils package contains\nutilities for mounting and managing CIFS (Common Internet File System)\nshares.\n\nA cross-site scripting (XSS) flaw was found in the password change\npage of the Samba Web Administration Tool (SWAT). If a remote attacker\ncould trick a user, who was logged into the SWAT interface, into\nvisiting a specially crafted URL, it would lead to arbitrary web\nscript execution in the context of the user's SWAT session.\n(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. 
If a remote attacker could trick a\nuser, who was logged into the SWAT interface, into visiting a\nspecially crafted URL, the attacker could perform Samba configuration\nchanges with the privileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the\ncifs-utils package included in the GA release of Red Hat Enterprise\nLinux 6, was incomplete. The mount.cifs tool did not properly handle\nshare or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file\nvia a specially crafted CIFS share mount request, if mount.cifs had\nthe setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid\nbit set, a local attacker could corrupt the mtab file by setting a\nsmall file size limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat\ndoes not have the setuid bit set. We recommend that administrators do\nnot manually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting\nCVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting\nCVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA\nSecurity Corporation as the original reporter of CVE-2011-2694, and\nYoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of\nCVE-2011-2522.\n\nThis update also fixes the following bug :\n\n* If plain text passwords were used ('encrypt passwords = no' in\n'/etc/samba/smb.conf'), Samba clients running the Windows XP or\nWindows Server 2003 operating system may not have been able to access\nSamba shares after installing the Microsoft Security Bulletin\nMS11-043. This update corrects this issue, allowing such clients to\nuse plain text passwords to access Samba shares. 
(BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues.\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002315.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cifs-utils and / or samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2010/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"cifs-utils-4.8.1-2.el6_1.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-client-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-common-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-doc-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-swat-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-clients-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils / libsmbclient / libsmbclient-devel / samba / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": 
"2020-10-03T11:39:29", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.", "edition": 3, "cvss3": {}, "published": "2011-07-29T20:55:00", "title": "CVE-2011-2522", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2522"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.1.0", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", 
"cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", 
"cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31"], "id": "CVE-2011-2522", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2522", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:06", "description": "smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.", "edition": 5, "cvss3": {}, "published": "2011-04-10T02:55:00", "title": "CVE-2011-1678", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1678"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:samba:samba:3.5.8"], "id": "CVE-2011-1678", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1678", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:22", "description": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.", "edition": 3, "cvss3": {}, "published": "2010-03-02T18:30:00", "title": "CVE-2010-0787", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0787"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.0.28a", "cpe:/a:samba:samba:3.2.3"], "id": "CVE-2010-0787", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0787", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:29", "description": "Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).\nPer: http://www.samba.org/samba/security/CVE-2011-2694\r\n\r\n'Note that SWAT must be enabled in order for this vulnerability to be exploitable. 
By default, SWAT is *not* enabled on a Samba install.'\r\n", "edition": 3, "cvss3": {}, "published": "2011-07-29T20:55:00", "title": "CVE-2011-2694", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2694"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:3.0.16", "cpe:/a:samba:samba:3.5.5", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:3.5.8", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.1.0", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.5", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:3.0.15", "cpe:/a:samba:samba:3.5.2", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:3.5.6", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.4.6", "cpe:/a:samba:samba:3.2.1", 
"cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.7", "cpe:/a:samba:samba:3.3.0", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.20", "cpe:/a:samba:samba:3.0.25a", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.22", "cpe:/a:samba:samba:3.3.5", "cpe:/a:samba:samba:3.0.23b", "cpe:/a:samba:samba:3.3.11", "cpe:/a:samba:samba:3.0.29", "cpe:/a:samba:samba:3.4.3", "cpe:/a:samba:samba:3.2.2", "cpe:/a:samba:samba:3.0.23a", "cpe:/a:samba:samba:3.0.4", "cpe:/a:samba:samba:3.2.0", "cpe:/a:samba:samba:3.4.4", "cpe:/a:samba:samba:3.0.5", "cpe:/a:samba:samba:3.2.4", "cpe:/a:samba:samba:3.0.26", "cpe:/a:samba:samba:3.0.14a", "cpe:/a:samba:samba:3.2.7", "cpe:/a:samba:samba:3.3.12", "cpe:/a:samba:samba:3.0.8", "cpe:/a:samba:samba:3.5.7", "cpe:/a:samba:samba:3.5.3", "cpe:/a:samba:samba:3.5.0", "cpe:/a:samba:samba:3.0.21a", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.14", "cpe:/a:samba:samba:3.5.4", "cpe:/a:samba:samba:3.2.6", "cpe:/a:samba:samba:3.0.19", "cpe:/a:samba:samba:3.0.2a", "cpe:/a:samba:samba:3.3.8", "cpe:/a:samba:samba:3.4.7", "cpe:/a:samba:samba:3.0.12", "cpe:/a:samba:samba:3.0.23c", "cpe:/a:samba:samba:3.0.27", "cpe:/a:samba:samba:3.0.25", "cpe:/a:samba:samba:3.0.36", "cpe:/a:samba:samba:3.0.33", "cpe:/a:samba:samba:3.0.18", "cpe:/a:samba:samba:3.0.13", "cpe:/a:samba:samba:3.5.9", "cpe:/a:samba:samba:3.0.20a", "cpe:/a:samba:samba:3.0.17", "cpe:/a:samba:samba:3.5.1", "cpe:/a:samba:samba:3.3.7", "cpe:/a:samba:samba:3.0.28", "cpe:/a:samba:samba:3.2.3", "cpe:/a:samba:samba:3.0.25b", "cpe:/a:samba:samba:3.0.32", "cpe:/a:samba:samba:3.2.12", "cpe:/a:samba:samba:3.3.10", "cpe:/a:samba:samba:3.4.2", "cpe:/a:samba:samba:3.0.31"], "id": "CVE-2011-2694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2694", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.26:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:c:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*", 
"cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:d:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.23:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.20:b:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.21:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.14:a:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:36", "description": "client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.", "edition": 5, 
"cvss3": {}, "published": "2010-02-04T20:15:00", "title": "CVE-2010-0547", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0547"], "modified": "2013-04-19T02:58:00", "cpe": ["cpe:/a:samba:samba:3.0.6", "cpe:/a:samba:samba:2.2.4", "cpe:/a:samba:samba:3.2.14", "cpe:/a:samba:samba:3.4.1", "cpe:/a:samba:samba:2.2a", "cpe:/a:samba:samba:3.3.9", "cpe:/a:samba:samba:3.0.23", "cpe:/a:samba:samba:2.2.6", "cpe:/a:samba:samba:3.4.0", "cpe:/a:samba:samba:2.2.8", "cpe:/a:samba:samba:3.2.9", "cpe:/a:samba:samba:3.2.11", "cpe:/a:samba:samba:3.3.6", "cpe:/a:samba:samba:3.0.30", "cpe:/a:samba:samba:3.3.2", "cpe:/a:samba:samba:2.2.10", "cpe:/a:samba:samba:3.2.15", "cpe:/a:samba:samba:3.0.21c", "cpe:/a:samba:samba:3.0.11", "cpe:/a:samba:samba:3.0.21b", "cpe:/a:samba:samba:3.0.26a", "cpe:/a:samba:samba:3.0.23d", "cpe:/a:samba:samba:2.2.3", "cpe:/a:samba:samba:3.4.5", "cpe:/a:samba:samba:3.0.21", "cpe:/a:samba:samba:3.0.9", "cpe:/a:samba:samba:3.3.3", "cpe:/a:samba:samba:3.0.20b", "cpe:/a:samba:samba:3.2.10", "cpe:/a:samba:samba:3.2.8", "cpe:/a:samba:samba:3.2.5", "cpe:/a:samba:samba:3.0.35", "cpe:/a:samba:samba:3.0.10", "cpe:/a:samba:samba:2.2.9", "cpe:/a:samba:samba:3.3.4", "cpe:/a:samba:samba:2.2.5", "cpe:/a:samba:samba:3.3.1", "cpe:/a:samba:samba:3.0.37", "cpe:/a:samba:samba:3.2.13", "cpe:/a:samba:samba:3.0.24", "cpe:/a:samba:samba:2.2.0a", "cpe:/a:samba:samba:3.0.25c", "cpe:/a:samba:samba:3.2.1", "cpe:/a:samba:samba:3.0.34", "cpe:/a:samba:samba:2.2.7a", "cpe:/a:samba:samba:3.0.3", 
"cpe:/a:samba:samba:3.0.31"], "id": "CVE-2010-0547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0547", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": [
"cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-10-30T13:23:09", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1219\n\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of\nthe Samba Web Administration 
Tool (SWAT). If a remote attacker could trick\na user, who was logged into the SWAT interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user's SWAT session. (CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the SWAT interface, into visiting a specially-crafted\nURL, the attacker could perform Samba configuration changes with the\nprivileges of the logged in user. (CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS\n(Common Internet File System) shares. If mount.cifs had the setuid bit set,\na local attacker could conduct a symbolic link attack to trick mount.cifs\ninto mounting a share over an arbitrary directory they were otherwise not\nallowed to mount to, possibly allowing them to escalate their privileges.\n(CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially-crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid bit\nset, a local attacker could corrupt the mtab file by setting a small file\nsize limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not\nhave the setuid bit set. We recommend that administrators do not manually\nset the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694\nand CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\nand Dan Rosenberg for reporting CVE-2011-1678. 
Upstream acknowledges\nNobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\nCVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\nof CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\nas the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029746.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/029747.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030004.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030005.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006336.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006337.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1219.html", "edition": 13, "modified": "2011-09-22T10:01:07", "published": "2011-08-29T21:13:06", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/029746.html", "id": "CESA-2011:1219", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-30T13:20:26", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1220\n\n\nSamba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of\nthe Samba Web Administration Tool (SWAT). 
If a remote attacker could trick\na user, who was logged into the SWAT interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user's SWAT session. (CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the SWAT interface, into visiting a specially-crafted\nURL, the attacker could perform Samba configuration changes with the\nprivileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba rebase\nin RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\nhandle share or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file via a\nspecially-crafted CIFS (Common Internet File System) share mount request,\nif mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid bit\nset, a local attacker could corrupt the mtab file by setting a small file\nsize limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does not\nhave the setuid bit set. We recommend that administrators do not manually\nset the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694\nand CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\nacknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\noriginal reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\nas the original reporter of CVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030008.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/030009.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006340.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/006341.html\n\n**Affected packages:**\nsamba3x\nsamba3x-client\nsamba3x-common\nsamba3x-doc\nsamba3x-domainjoin-gui\nsamba3x-swat\nsamba3x-winbind\nsamba3x-winbind-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1220.html", "edition": 9, "modified": "2011-09-22T10:01:11", "published": "2011-09-01T16:12:20", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/006340.html", "id": "CESA-2011:1220", "title": "samba3x security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:33:05", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2010-0787", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-3585"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of\nthe Samba Web Administration Tool (SWAT). If a remote attacker could trick\na user, who was logged into the SWAT interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user's SWAT session. (CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the SWAT interface, into visiting a specially-crafted\nURL, the attacker could perform Samba configuration changes with the\nprivileges of the logged in user. 
(CVE-2011-2522)\n\nA race condition flaw was found in the way the mount.cifs tool mounted CIFS\n(Common Internet File System) shares. If mount.cifs had the setuid bit set,\na local attacker could conduct a symbolic link attack to trick mount.cifs\ninto mounting a share over an arbitrary directory they were otherwise not\nallowed to mount to, possibly allowing them to escalate their privileges.\n(CVE-2010-0787)\n\nIt was found that the mount.cifs tool did not properly handle share or\ndirectory names containing a newline character. If mount.cifs had the\nsetuid bit set, a local attacker could corrupt the mtab (mounted file\nsystems table) file via a specially-crafted CIFS share mount request.\n(CVE-2010-0547)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid bit\nset, a local attacker could corrupt the mtab file by setting a small file\nsize limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba packages distributed by Red Hat does not\nhave the setuid bit set. We recommend that administrators do not manually\nset the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694\nand CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;\nand Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges\nNobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of\nCVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter\nof CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers\nas the original reporter of CVE-2010-0787.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2017-09-08T12:07:56", "published": "2011-08-29T04:00:00", "id": "RHSA-2011:1219", "href": "https://access.redhat.com/errata/RHSA-2011:1219", "type": "redhat", "title": "(RHSA-2011:1219) Moderate: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information.\n\nA cross-site scripting (XSS) flaw was found in the password change page of\nthe Samba Web Administration Tool (SWAT). If a remote attacker could trick\na user, who was logged into the SWAT interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user's SWAT session. (CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the SWAT interface, into visiting a specially-crafted\nURL, the attacker could perform Samba configuration changes with the\nprivileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided by the Samba rebase\nin RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly\nhandle share or directory names containing a newline character, allowing a\nlocal attacker to corrupt the mtab (mounted file systems table) file via a\nspecially-crafted CIFS (Common Internet File System) share mount request,\nif mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. 
If mount.cifs had the setuid bit\nset, a local attacker could corrupt the mtab file by setting a small file\nsize limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the samba3x packages distributed by Red Hat does not\nhave the setuid bit set. We recommend that administrators do not manually\nset the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694\nand CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\nacknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\noriginal reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\nas the original reporter of CVE-2011-2522.\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2017-09-08T11:55:14", "published": "2011-08-29T04:00:00", "id": "RHSA-2011:1220", "href": "https://access.redhat.com/errata/RHSA-2011:1220", "type": "redhat", "title": "(RHSA-2011:1220) Moderate: samba3x security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:30:58", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2522", "CVE-2011-2694", "CVE-2011-2724", "CVE-2011-3585"], "description": "Samba is a suite of programs used by machines to share files, printers, and\nother information. The cifs-utils package contains utilities for mounting\nand managing CIFS (Common Internet File System) shares.\n\nA cross-site scripting (XSS) flaw was found in the password change page of\nthe Samba Web Administration Tool (SWAT). If a remote attacker could trick\na user, who was logged into the SWAT interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user's SWAT session. 
(CVE-2011-2694)\n\nIt was found that SWAT web pages did not protect against Cross-Site\nRequest Forgery (CSRF) attacks. If a remote attacker could trick a user,\nwho was logged into the SWAT interface, into visiting a specially-crafted\nURL, the attacker could perform Samba configuration changes with the\nprivileges of the logged in user. (CVE-2011-2522)\n\nIt was found that the fix for CVE-2010-0547, provided in the cifs-utils\npackage included in the GA release of Red Hat Enterprise Linux 6, was\nincomplete. The mount.cifs tool did not properly handle share or directory\nnames containing a newline character, allowing a local attacker to corrupt\nthe mtab (mounted file systems table) file via a specially-crafted CIFS\nshare mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)\n\nIt was found that the mount.cifs tool did not handle certain errors\ncorrectly when updating the mtab file. If mount.cifs had the setuid bit\nset, a local attacker could corrupt the mtab file by setting a small file\nsize limit before running mount.cifs. (CVE-2011-1678)\n\nNote: mount.cifs from the cifs-utils package distributed by Red Hat does\nnot have the setuid bit set. We recommend that administrators do not\nmanually set the setuid bit for mount.cifs.\n\nRed Hat would like to thank the Samba project for reporting CVE-2011-2694\nand CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream\nacknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the\noriginal reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.\nas the original reporter of CVE-2011-2522.\n\nThis update also fixes the following bug:\n\n* If plain text passwords were used (\"encrypt passwords = no\" in\n\"/etc/samba/smb.conf\"), Samba clients running the Windows XP or Windows\nServer 2003 operating system may not have been able to access Samba shares\nafter installing the Microsoft Security Bulletin MS11-043. 
This update\ncorrects this issue, allowing such clients to use plain text passwords to\naccess Samba shares. (BZ#728517)\n\nUsers of samba and cifs-utils are advised to upgrade to these updated\npackages, which contain backported patches to resolve these issues. After\ninstalling this update, the smb service will be restarted automatically.\n", "modified": "2018-06-06T20:24:22", "published": "2011-08-29T04:00:00", "id": "RHSA-2011:1221", "href": "https://access.redhat.com/errata/RHSA-2011:1221", "type": "redhat", "title": "(RHSA-2011:1221) Moderate: samba and cifs-utils security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-2724", "CVE-2011-3585", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694"], "description": "[3.0.33-3.29.el5.4]\n- Security Release, Add fix also for CVE-2011-2724\n- related: #722552\n[3.0.33-3.29.el5.3]\n- Security Release, fixes CVE-2010-0547, CVE-2010-0787, CVE-2011-2694,\n CVE-2011-2522, CVE-2011-1678\n- resolves: #722552", "edition": 4, "modified": "2011-08-29T00:00:00", "published": "2011-08-29T00:00:00", "id": "ELSA-2011-1219", "href": "http://linux.oracle.com/errata/ELSA-2011-1219.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2011-1678", "CVE-2011-0719", "CVE-2010-0926", "CVE-2011-2724", "CVE-2010-0787", "CVE-2011-2522", "CVE-2011-2694", "CVE-2010-3069"], "description": "[3.0.33-3.37.el5]\n- Regenerate manpage for 'wide links' and 'unix extensions' sections\n- related: #722553\n[3.0.33-3.36.el5]\n- Security Release, fixes CVE-2010-0926\n- resolves: #722553\n[3.0.33-3.35.el5]\n- Fix smbclient return code\n- resolves: #768908\n[3.0.33-3.34.el5]\n- Fix support for Windows 2008 R2 domains\n- 
resolves: #736124\n[3.0.33-3.33.el5]\n- Security Release, fixes CVE-2010-0547, CVE-2010-0787, CVE-2011-2694,\n CVE-2011-2522, CVE-2011-1678, CVE-2011-2724\n- resolves: #722553\n[3.0.33-3.32.el5]\n- Security Release, fixes CVE-2011-0719\n- resolves: #678331\n[3.0.33-3.30.el5]\n- Security Release, fixes CVE-2010-3069\n- resolves: #632230", "edition": 4, "modified": "2012-03-01T00:00:00", "published": "2012-03-01T00:00:00", "id": "ELSA-2012-0313", "href": "http://linux.oracle.com/errata/ELSA-2012-0313.html", "title": "samba security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1678", "CVE-2011-2724", "CVE-2011-2522", "CVE-2011-2694"], "description": "[3.5.4-0.83.2]\n- Security Release, add fix for CVE-2011-2724\n- related: #722555\n[3.5.4-0.83.1]\n- Security Release, fixes CVE-2011-2694, CVE-2011-2522, CVE-2011-1678\n- resolves: #722555", "edition": 4, "modified": "2011-08-29T00:00:00", "published": "2011-08-29T00:00:00", "id": "ELSA-2011-1220", "href": "http://linux.oracle.com/errata/ELSA-2011-1220.html", "title": "samba3x security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1678", "CVE-2011-2724", "CVE-2011-3585", "CVE-2011-2522", "CVE-2011-2694"], "description": "cifs-utils:\n[4.8.1-2.2]\n- fix handling of check_newline return code in mount.cifs (bz 725508)\n[4.8.1-2.1]\n- mount.cifs: handle ENOSPC/EFBIG condition when altering mtab (bz 725508)\nsamba:\n[3.5.6-86.4]\n- Fix cleartext authentication after applying Windows security patch KB2536276\n- resolves: #728517\n[3.5.6-86.3]\n- Security Release, fixes CVE-2011-2694, CVE-2011-2522\n- resolves: #722560\n[3.5.6-86.2]\n- Fix cups location publishing\n- resolves: #716374\n[3.5.6-86.1]\n- Fix joining principal\n- resolves: 
#717563", "edition": 4, "modified": "2011-08-29T00:00:00", "published": "2011-08-29T00:00:00", "id": "ELSA-2011-1221", "href": "http://linux.oracle.com/errata/ELSA-2011-1221.html", "title": "samba and cifs-utils security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:54:24", "description": "BUGTRAQ ID: 51165\r\nCVE ID: CVE-2011-1678\r\n\r\nLinux Kernel is the kernel of the Linux operating system.\r\n\r\nThe Linux Kernel has a local denial-of-service vulnerability in its implementation; an attacker can exploit this vulnerability to crash the kernel and deny service to legitimate users\r\n0\r\nLinux kernel 2.6.x\r\nVendor patch:\r\n\r\nLinux\r\n-----\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\nhttp://www.kernel.org/", "published": "2012-03-10T00:00:00", "type": "seebug", "title": "Linux kernel 2.6.x local denial-of-service vulnerability (CVE-2011-1678)", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1678"], "modified": "2012-03-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30179", "id": "SSV:30179", "sourceData": "", "sourceHref": "", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "slackware": [{"lastseen": "2020-10-25T16:35:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": "New samba packages are available for Slackware 13.1, 13.37, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/samba-3.5.10-i486-1_slack13.37.txz: Upgraded.\n Fixed cross-site request forgery and cross-site scripting vulnerability\n in SWAT (the Samba Web 
Administration Tool).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/samba-3.5.10-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/samba-3.5.10-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/samba-3.5.10-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/samba-3.5.10-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.5.10-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-3.5.10-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.1 package:\n9dd8c9e4a6881ea5b82cf8e3d59e0256 samba-3.5.10-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\na9364edef99d026831b38757de582109 samba-3.5.10-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n9139d218c171399faf99c23f70ac755d samba-3.5.10-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n5e5757633918950d795280efb7a88d08 samba-3.5.10-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n0e347b1e1648bcc94582392e573da4a4 samba-3.5.10-i486-1.txz\n\nSlackware x86_64 -current package:\n0c6a7ddf8633a1f3087b10397bea9abe samba-3.5.10-x86_64-1.txz\n\n\nInstallation 
instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-3.5.10-i486-1_slack13.37.txz\n\nThen, if Samba is running restart it:\n\n > /etc/rc.d/rc.samba restart", "modified": "2011-07-29T23:19:02", "published": "2011-07-29T23:19:02", "id": "SSA-2011-210-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.399403", "type": "slackware", "title": "[slackware-security] samba", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "samba": [{"lastseen": "2020-12-24T13:21:00", "bulletinFamily": "software", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": "All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the \"Change Password\" field, it is possible to insert arbitrary content into the \"user\" field.\nThis issue is only exploitable if CVE-2011-2522 has not been fixed.", "edition": 5, "modified": "2011-07-26T00:00:00", "published": "2011-07-26T00:00:00", "id": "SAMBA:CVE-2011-2694", "href": "https://www.samba.org/samba/security/CVE-2011-2694.html", "title": "Cross-Site Scripting vulnerability in SWAT ", "type": "samba", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": " _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:121\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : samba\r\n Date : July 27, 2011\r\n Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and 
corrected in samba:\r\n \r\n All current released versions of Samba are vulnerable to a cross-site\r\n request forgery in the Samba Web Administration Tool (SWAT). By\r\n tricking a user who is authenticated with SWAT into clicking a\r\n manipulated URL on a different web page, it is possible to manipulate\r\n SWAT (CVE-2011-2522).\r\n \r\n All current released versions of Samba are vulnerable to a cross-site\r\n scripting issue in the Samba Web Administration Tool (SWAT). On the\r\n Change Password field, it is possible to insert arbitrary content\r\n into the user field (CVE-2011-2694).\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694\r\n http://www.samba.org/samba/security/CVE-2011-2522\r\n http://www.samba.org/samba/security/CVE-2011-2694\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n
\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n", "edition": 1, "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26754", "title": "[ MDVSA-2011:121 ] samba", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": 
["CVE-2011-2522", "CVE-2011-2694"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2011-08-17T01:00:53", "published": "2011-08-17T01:00:53", "id": "FEDORA:2354B110B14", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: samba-3.5.11-71.fc15.1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694", "CVE-2012-1182"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
", "modified": "2012-04-22T03:27:16", "published": "2012-04-22T03:27:16", "id": "FEDORA:77E132110D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: samba-3.5.14-73.fc15.1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0719", "CVE-2011-2522", "CVE-2011-2694"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. ", "modified": "2011-08-17T00:59:07", "published": "2011-08-17T00:59:07", "id": "FEDORA:F3518110AE2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: samba-3.5.11-79.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694", "CVE-2012-1182", "CVE-2012-2111"], "description": " Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. 
", "modified": "2012-05-03T07:21:11", "published": "2012-05-03T07:21:11", "id": "FEDORA:D3501201B6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: samba-3.5.15-74.fc15.1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": "\nSamba security advisory reports:\n\nAll current released versions of Samba are vulnerable to a\n\t cross-site request forgery in the Samba Web Administration Tool\n\t (SWAT). By tricking a user who is authenticated with SWAT into\n\t clicking a manipulated URL on a different web page, it is\n\t possible to manipulate SWAT.\n\n\nAll current released versions of Samba are vulnerable to a\n\t cross-site scripting issue in the Samba Web Administration Tool\n\t (SWAT). On the \"Change Password\" field, it is possible to insert\n\t arbitrary content into the \"user\" field.\n\n", "edition": 4, "modified": "2011-07-27T00:00:00", "published": "2011-07-27T00:00:00", "id": "56F4B3A6-C82C-11E0-A498-00215C6A37BB", "href": "https://vuxml.freebsd.org/freebsd/56f4b3a6-c82c-11e0-a498-00215c6a37bb.html", "title": "Samba -- cross site scripting and request forgery vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:16:16", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2290-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 07, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nVulnerability : cross-site scripting\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2522 CVE-2011-2694\n\nThe Samba Web Administration Tool (SWAT) 
contains several cross-site\nrequest forgery (CSRF) vulnerabilities (CVE-2011-2522) and a\ncross-site scripting vulnerability (CVE-2011-2694).\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2:3.5.6~dfsg-3squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-08-07T20:14:43", "published": "2011-08-07T20:14:43", "id": "DEBIAN:DSA-2290-1:37050", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00164.html", "title": "[SECURITY] [DSA 2290-1] samba security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2522", "CVE-2011-2694"], "description": "Yoshihiro Ishikawa discovered that the Samba Web Administration Tool (SWAT) \nwas vulnerable to cross-site request forgeries (CSRF). If a Samba \nadministrator were tricked into clicking a link on a specially crafted web \npage, an attacker could trigger commands that could modify the Samba \nconfiguration. (CVE-2011-2522)\n\nNobuhiro Tsuji discovered that the Samba Web Administration Tool (SWAT) did \nnot properly sanitize its input when processing password change requests, \nresulting in cross-site scripting (XSS) vulnerabilities. 
With cross-site \nscripting vulnerabilities, if a user were tricked into viewing server \noutput during a crafted server request, a remote attacker could exploit \nthis to modify the contents, or steal confidential data, within the same \ndomain. (CVE-2011-2694)", "edition": 5, "modified": "2011-08-02T00:00:00", "published": "2011-08-02T00:00:00", "id": "USN-1182-1", "href": "https://ubuntu.com/security/notices/USN-1182-1", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0547", "CVE-2010-0787"], "description": "### Background\n\nmount-cifs is the cifs filesystem mount helper split from Samba.\n\n### Description\n\nMultiple vulnerabilities have been discovered in mount-cifs. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow local users to cause a denial of service (mtab corruption) via a crafted string. Also, local users could mount a CIFS share on an arbitrary mountpoint, and gain privileges via a symlink attack on the mountpoint directory file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nGentoo has discontinued support for mount-cifs. We recommend that users unmerge mount-cifs: \n \n \n # emerge --unmerge \"net-fs/mount-cifs\"", "edition": 1, "modified": "2014-02-02T00:00:00", "published": "2012-06-25T00:00:00", "id": "GLSA-201206-29", "href": "https://security.gentoo.org/glsa/201206-29", "type": "gentoo", "title": "mount-cifs: Multiple vulnerabilites", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}