Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:1361412562311220211017HistoryJan 08, 2021 - 12:00 a.m.
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1017)
2021-01-0800:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
3
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.7%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2021.1017");
script_cve_id("CVE-2020-14383");
script_tag(name:"creation_date", value:"2021-01-08 21:51:28 +0000 (Fri, 08 Jan 2021)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-12-04 22:15:21 +0000 (Fri, 04 Dec 2020)");
script_name("Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1017)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2021-1017");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2021-1017");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'samba' package(s) announced via the EulerOS-SA-2021-1017 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.(CVE-2020-14383)");
script_tag(name:"affected", value:"'samba' package(s) on Huawei EulerOS V2.0SP9(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwbclient", rpm:"libwbclient~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba", rpm:"samba~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-common-tools", rpm:"samba-common-tools~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-libs", rpm:"samba-libs~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind-clients", rpm:"samba-winbind-clients~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind-modules", rpm:"samba-winbind-modules~4.11.6~6.h11.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS 2.0 SP9 : samba (EulerOS-SA-2021-1036)
2021-01-04 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1380)
2021-03-10 00:00:00
EulerOS 2.0 SP9 : samba (EulerOS-SA-2021-1017)
2021-01-04 00:00:00
prion
prion
Design/Logic Flaw
2020-12-02 01:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1036)
2021-01-08 00:00:00
Samba DoS Vulnerability (CVE-2020-14383)
2020-12-03 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1171)
2021-02-02 00:00:00
osv
osv
CVE-2020-14383
2020-12-02 01:15:12
samba vulnerabilities
2020-11-02 13:56:36
samba vulnerabilities
2021-05-03 20:44:00
redhatcve
redhatcve
CVE-2020-14383
2020-10-29 11:29:29
debiancve
debiancve
CVE-2020-14383
2020-12-02 01:15:00
ubuntucve
ubuntucve
CVE-2020-14383
2020-10-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-14383 affecting package samba 4.12.5-6
2024-05-13 09:07:01
cve
cve
CVE-2020-14383
2020-12-02 01:15:00
veracode
veracode
Denial Of Service (DoS)
2020-11-09 05:15:44
samba
samba
An authenticated user can crash the DCE/RPC DNS with
2020-10-29 00:00:00
alpinelinux
alpinelinux
CVE-2020-14383
2020-12-02 01:15:00
freebsd
freebsd
samba -- Multiple Vulnerabilities
2020-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: samba-4.12.10-0.fc32
2020-11-10 01:29:57
[SECURITY] Fedora 33 Update: samba-4.13.1-0.fc33
2020-11-03 01:01:17
mageia
mageia
Updated samba packages fix security vulnerabilities
2020-11-10 18:20:00
suse
suse
Security update for samba (important)
2020-11-02 00:00:00
Security update for samba (important)
2020-11-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.12.9-alt1
2020-10-29 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2020-11-02 00:00:00
Samba vulnerabilities
2021-05-03 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-12-24 00:00:00
debian
debian
[SECURITY] [DLA 3792-1] samba security update
2024-04-22 15:05:31
[SECURITY] [DLA 2463-1] samba security update
2020-11-23 03:19:15
rosalinux
rosalinux
Advisory ROSA-SA-2021-1967
2021-07-02 18:07:38
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.7%
Related for OPENVAS:1361412562311220211017