Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562311220233286HistoryDec 12, 2023 - 12:00 a.m.
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-3286)
2023-12-1200:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
samba
euleros
cve-2023-4091
cve-2023-4154
cve-2023-42669
vulnerability
active directory
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3286");
script_cve_id("CVE-2023-4091", "CVE-2023-4154", "CVE-2023-42669");
script_tag(name:"creation_date", value:"2023-12-12 04:35:10 +0000 (Tue, 12 Dec 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-14 18:20:56 +0000 (Tue, 14 Nov 2023)");
script_name("Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2023-3286)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP11\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3286");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3286");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'samba' package(s) announced via the EulerOS-SA-2023-3286 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module 'acl_xattr' is configured with 'acl_xattr:ignore system acls = yes'. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.(CVE-2023-4091)
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.(CVE-2023-4154)
A vulnerability was found in Samba's 'rpcecho' development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the 'rpcecho' service operates with only one worker in the main RPC task, allowing calls to the 'rpcecho' server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a 'sleep()' call in the 'dcesrv_echo_TestSleep()' function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the 'rpcecho' server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as 'rpcecho' runs in the main RPC task.(CVE-2023-42669)");
script_tag(name:"affected", value:"'samba' package(s) on Huawei EulerOS V2.0SP11(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP11-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"libsmbclient", rpm:"libsmbclient~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwbclient", rpm:"libwbclient~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba", rpm:"samba~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-client", rpm:"samba-client~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-common", rpm:"samba-common~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-common-tools", rpm:"samba-common-tools~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-libs", rpm:"samba-libs~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind-clients", rpm:"samba-winbind-clients~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"samba-winbind-modules", rpm:"samba-winbind-modules~4.15.3~4.h22.eulerosv2r11", rls:"EULEROS-2.0SP11-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.11.1 : samba (EulerOS-SA-2024-1408)
2024-03-21 00:00:00
EulerOS Virtualization 2.11.0 : samba (EulerOS-SA-2024-1436)
2024-03-21 00:00:00
EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-3286)
2024-01-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for samba (SUSE-SU-2023:4059-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1436)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1408)
2024-03-21 00:00:00
osv
osv
samba regression
2023-10-11 20:11:55
samba vulnerabilities
2023-10-10 15:01:00
samba vulnerabilities
2023-10-17 11:34:39
ubuntu
ubuntu
Samba vulnerabilities
2023-10-17 00:00:00
Samba regression
2023-10-11 00:00:00
Samba vulnerabilities
2023-10-10 00:00:00
cloudfoundry
cloudfoundry
USN-6425-1: Samba vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: samba-4.17.12-1.fc37
2023-10-27 01:11:56
[SECURITY] Fedora 39 Update: samba-4.19.2-1.fc39
2023-11-03 18:58:46
[SECURITY] Fedora 38 Update: samba-4.18.8-1.fc38
2023-10-13 01:53:46
slackware
slackware
[slackware-security] samba
2023-10-11 06:45:49
debian
debian
[SECURITY] [DSA 5525-1] samba security update
2023-10-11 18:14:15
[SECURITY] [DSA 5647-1] samba security update
2024-03-24 20:22:16
[SECURITY] [DLA 3792-1] samba security update
2024-04-22 15:05:31
redhat
redhat
(RHSA-2023:7408) Moderate: samba security update
2023-11-21 09:48:42
(RHSA-2023:6209) Moderate: samba security update
2023-10-31 09:54:37
(RHSA-2023:6744) Moderate: samba security update
2023-11-07 09:45:05
oraclelinux
oraclelinux
samba security update
2023-11-23 00:00:00
samba security update
2023-11-16 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2023-12-06 01:31:41
almalinux
almalinux
Moderate: samba security update
2023-11-07 00:00:00
Moderate: samba security update
2023-11-22 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Samba may affect IBM Storage Scale SMB protocol access method (CVE-2023-4091, CVE-2023-42669, CVE-2023-3961, CVE-2023-42670)
2024-02-15 04:30:14
Security Bulletin: IBM i is vulnerable due to a flaw in Samba which could allow an attacker to bypass security restrictions (CVE-2023-4091)
2023-11-09 17:57:34
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-03-27 19:39:32
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2023-11-06 07:15:00
Design/Logic Flaw
2023-11-03 08:15:00
Design/Logic Flaw
2023-11-07 20:15:00
debiancve
debiancve
veracode
veracode
Denial Of Service (DoS)
2023-10-19 19:51:49
Privilege Escalation
2023-10-19 14:47:07
Improper Authorization
2023-10-19 14:25:12
samba
samba
"rpcecho" development server allows Denial
2023-10-10 00:00:00
Samba AD DC password exposure to privileged
2023-10-10 00:00:00
SMB clients can truncate files with
2023-10-10 00:00:00
redhatcve
redhatcve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
gentoo
gentoo
Samba: Multiple Vulnerabilities
2024-02-19 00:00:00
amazon
amazon
Medium: samba
2023-11-29 23:18:00
Medium: samba
2023-11-29 22:20:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
6.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.5%
Related for OPENVAS:1361412562311220233286