Huawei EulerOS samba package security update
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Tenable Nessus | EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1311) | 2 Mar 2022 00:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1295) | 2 Mar 2022 00:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413) | 18 Apr 2022 00:00 | – | nessus |
Tenable Nessus | openSUSE 15 Security Update : samba and ldb (openSUSE-SU-2021:3647-1) | 11 Nov 2021 00:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1246) | 25 Feb 2022 00:00 | – | nessus |
Tenable Nessus | Debian DSA-5003-1 : samba - security update | 10 Nov 2021 00:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-1387) | 18 Apr 2022 00:00 | – | nessus |
Tenable Nessus | Samba 4.13.x < 4.13.14 / 4.14.x < 4.14.10 / 4.15.x < 4.15.2 Multiple Vulnerabilities | 19 Nov 2021 00:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1258) | 25 Feb 2022 00:00 | – | nessus |
Tenable Nessus | SUSE SLED15 / SLES15 Security Update : samba and ldb (SUSE-SU-2021:3647-1) | 11 Nov 2021 00:00 | – | nessus |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
```nasl
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2022.1295");
  script_cve_id("CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3738");
  script_tag(name:"creation_date", value:"2022-03-02 14:40:28 +0000 (Wed, 02 Mar 2022)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-03-10 14:59:45 +0000 (Thu, 10 Mar 2022)");

  script_name("Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-1295)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-1295");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-1295");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'samba' package(s) announced via the EulerOS-SA-2022-1295 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A flaw was found in the way that samba as an AD domain controller can support RODC. This will allow RODC to print administrator credentials.(CVE-2020-25718)
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.(CVE-2020-25719)
A flaw was discovered in the way samba implements SMB1 authentication. Even if Kerberos authentication is required, an attacker can use this flaw to retrieve the clear text password sent over the wire.(CVE-2016-2124)
Several flaws were found in the way that samba AD DC implements storage data access and consistency checking. Attackers can use this flaw to cause damage to the entire domain.(CVE-2020-25722)
The AD Kerberos acceptance service in Samba cannot perform authorization by accessing the user's unique and long-term stable identifier.(CVE-2020-25721)
A use-after-free issue was found in the Samba AD DC RPC server, which may allow handles to point to different user states, leading to more privileged access.(CVE-2021-3738)
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.(CVE-2020-25717)");

  script_tag(name:"affected", value:"'samba' package(s) on Huawei EulerOS V2.0SP9(x86_64).");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP9-x86_64") {

  if(!isnull(res = isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libwbclient", rpm:"libwbclient~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba", rpm:"samba~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-common-tools", rpm:"samba-common-tools~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-libs", rpm:"samba-libs~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-winbind-clients", rpm:"samba-winbind-clients~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"samba-winbind-modules", rpm:"samba-winbind-modules~4.11.6~6.h17.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
```