Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2005 E-Soft Inc. http://www.securityspace.comOPENVAS:53160
HistoryJan 17, 2008 - 12:00 a.m.

Debian Security Advisory DSA 463-1 (samba)

2008-01-1700:00:00
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
11

0.0004 Low

EPSS

Percentile

5.2%

JSON

The remote host is missing an update to samba
announced via advisory DSA 463-1.

# OpenVAS Vulnerability Test
# $Id: deb_463_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 463-1
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Samba, a LanManager-like file and printer server for Unix, was found
to contain a vulnerability whereby a local user could use the smbmnt
utility, which is setuid root, to mount a file share from a remote
server which contained setuid programs under the control of the user.
These programs could then be executed to gain privileges on the local
system.

For the current stable distribution (woody) this problem has been
fixed in version 2.2.3a-13.

For the unstable distribution (sid) this problem has been fixed in
version 3.0.2-2.

We recommend that you update your samba package.";
tag_summary = "The remote host is missing an update to samba
announced via advisory DSA 463-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20463-1";

if(description)
{
 script_id(53160);
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)");
 script_bugtraq_id(9619);
 script_cve_id("CVE-2004-0186");
 script_tag(name:"cvss_base", value:"7.2");
 script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
 script_name("Debian Security Advisory DSA 463-1 (samba)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"samba-doc", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libpam-smbpass", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbclient", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbclient-dev", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-common", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"smbclient", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"smbfs", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"swat", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"winbind", ver:"2.2.3a-13", rls:"DEB3.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Related

debian 1
nessus 3
nvd 1
openvas 1
osv 1
debiancve 1
cve 1
cvelist 1
debian
debian
[SECURITY] [DSA 463-1] New samba packages fix privilege escalation in smbmnt
2004-03-13 02:27:34
nessus
nessus
Mandrake Linux Security Advisory : samba (MDKSA-2004:035)
2004-07-31 00:00:00
Debian DSA-463-1 : samba - privilege escalation
2004-09-29 00:00:00
Samba smbmnt Local Privilege Escalation
2011-11-18 00:00:00
nvd
nvd
CVE-2004-0186
2004-03-15 05:00:00
openvas
openvas
Debian Security Advisory DSA 463-1 (samba)
2008-01-17 00:00:00
osv
osv
samba - privilege escalation
2004-03-12 00:00:00
debiancve
debiancve
CVE-2004-0186
2004-09-01 04:00:00
cve
cve
CVE-2004-0186
2004-09-01 04:00:00
cvelist
cvelist
CVE-2004-0186
2004-09-01 04:00:00

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for OPENVAS:53160
debian1nessus3nvd1openvas1osv1debiancve1cve1cvelist1