ID OPENVAS:59013 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2007-255-02.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2007_255_02.nasl 6598 2017-07-07 09:36:44Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and 12.0 to fix a security issue and various other bugs.";
tag_summary = "The remote host is missing an update as announced
via advisory SSA:2007-255-02.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-255-02";
if(description)
{
script_id(59013);
script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $");
script_cve_id("CVE-2007-4138");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_version("$Revision: 6598 $");
name = "Slackware Advisory SSA:2007-255-02 samba ";
script_name(name);
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("Slackware Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-slack.inc");
vuln = 0;
if(isslkpkgvuln(pkg:"samba", ver:"3.0.26a-i486-1_slack10.0", rls:"SLK10.0")) {
vuln = 1;
}
if(isslkpkgvuln(pkg:"samba", ver:"3.0.26a-i486-1_slack10.1", rls:"SLK10.1")) {
vuln = 1;
}
if(isslkpkgvuln(pkg:"samba", ver:"3.0.26a-i486-1_slack10.2", rls:"SLK10.2")) {
vuln = 1;
}
if(isslkpkgvuln(pkg:"samba", ver:"3.0.26a-i486-1_slack11.0", rls:"SLK11.0")) {
vuln = 1;
}
if(isslkpkgvuln(pkg:"samba", ver:"3.0.26a-i486-1_slack12.0", rls:"SLK12.0")) {
vuln = 1;
}
if(vuln) {
security_message(0);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Slackware Local Security Checks", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "75bace089a2a8ee0c4316956502fcf73"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "645af7630869a73ab853abe87bd2a318"}, {"key": "href", "hash": "e5496e14305ffcbddc07dbea14a1d487"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "43a3ec56ec636b53af6d97a47899295c"}, {"key": "pluginID", "hash": "c4e25d7851664f1cd585c39e76379571"}, {"key": "published", "hash": "87fb03030704c663d43a137161fbf15b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "sourceData", "hash": "d951959eb3a747df6bd50d03c6adff8a"}, {"key": "title", "hash": "b3ce8e8ada5ac2d2c18613347ca9fab9"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=59013", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2017-07-24T12:50:40"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4138"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2007-255-02.NASL", "SAMBA_3_0_26.NASL", "FREEBSD_PKG_2BC96F18683F11DC82B602E0185F8D72.NASL", "FEDORA_2007-2145.NASL", "SL_20071115_SAMBA_ON_SL5_X.NASL", "CENTOS_RHSA-2007-1016.NASL", "REDHAT-RHSA-2007-1017.NASL", "REDHAT-RHSA-2007-1016.NASL", "ORACLELINUX_ELSA-2007-1016.NASL"]}, {"type": "freebsd", "idList": ["2BC96F18-683F-11DC-82B6-02E0185F8D72"]}, {"type": "samba", "idList": ["SAMBA:CVE-2007-4138"]}, {"type": "openvas", "idList": ["OPENVAS:58793", "OPENVAS:861102", "OPENVAS:136141256231059013", "OPENVAS:1361412562310122634", "OPENVAS:1361412562310855767", "OPENVAS:855668", "OPENVAS:1361412562310855051", "OPENVAS:1361412562310855721", "OPENVAS:855368", "OPENVAS:855721"]}, {"type": "seebug", "idList": ["SSV:2213"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17978", "SECURITYVULNS:VULN:8135"]}, {"type": "slackware", "idList": ["SSA-2007-255-02"]}, {"type": "osvdb", "idList": ["OSVDB:39178"]}, {"type": "redhat", "idList": ["RHSA-2007:1016", "RHSA-2007:1017"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1016", "ELSA-2007-1017"]}, {"type": "centos", "idList": ["CESA-2007:1016"]}], "modified": "2017-07-24T12:50:40"}, "vulnersScore": 7.6}, "id": "OPENVAS:59013", "title": "Slackware Advisory SSA:2007-255-02 samba", "hash": "199c037dd9a7a6e02176b5bb5d412c0a55dde2c453ea3eff8e80d8c02d0be766", "edition": 2, "published": "2012-09-11T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:10:37", "bulletin": {"hash": "9087e4a1ddcd11fac123d8280c17dc6ac11c7e39509174faef2599e03dd575b5", "viewCount": 0, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.", "hashmap": [{"key": "description", "hash": "645af7630869a73ab853abe87bd2a318"}, {"key": "sourceData", "hash": "8f821a053b6a6dbff5fc66934f6d77d7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "pluginID", "hash": "c4e25d7851664f1cd585c39e76379571"}, {"key": "modified", "hash": "9e1a9043f61d490de29fca9d4b6d70c0"}, {"key": "cvelist", "hash": "75bace089a2a8ee0c4316956502fcf73"}, {"key": "title", "hash": "b3ce8e8ada5ac2d2c18613347ca9fab9"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "43a3ec56ec636b53af6d97a47899295c"}, {"key": "href", "hash": "e5496e14305ffcbddc07dbea14a1d487"}, {"key": "published", "hash": "87fb03030704c663d43a137161fbf15b"}], "naslFamily": "Slackware Local Security Checks", "modified": "2017-04-11T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=59013", "published": "2012-09-11T00:00:00", "enchantments": {}, "id": "OPENVAS:59013", "title": "Slackware Advisory SSA:2007-255-02 samba", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_255_02.nasl 5931 2017-04-11 09:02:04Z teissa $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,\nand 12.0 to fix a security issue and various other bugs.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-255-02\";\n \nif(description)\n{\n script_id(59013);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_cve_id(\"CVE-2007-4138\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 5931 $\");\n name = \"Slackware Advisory SSA:2007-255-02 samba \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2007-4138"], "lastseen": "2017-07-02T21:10:37", "pluginID": "59013"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2007-4138"], "lastseen": "2017-07-24T12:50:40", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_255_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,\nand 12.0 to fix a security issue and various other bugs.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-255-02\";\n \nif(description)\n{\n script_id(59013);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-4138\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2007-255-02 samba \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "59013"}
{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the \"winbind nss info\" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.", "modified": "2018-10-15T21:33:00", "id": "CVE-2007-4138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4138", "published": "2007-09-14T01:17:00", "title": "CVE-2007-4138", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:57:02", "bulletinFamily": "scanner", "description": "Check for the Version of samba", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861102", "id": "OPENVAS:861102", "title": "Fedora Update for samba FEDORA-2007-2145", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for samba FEDORA-2007-2145\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"samba on Fedora 7\";\ntag_insight = \"Samba is the suite of programs by which a lot of PC-related machines\n share files, printers, and other information (such as lists of\n available files and printers). The Windows NT, OS/2, and Linux\n operating systems support this natively, and add-on packages can\n enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,\n and more. This package provides an SMB/CIFS server that can be used to\n provide network services to SMB/CIFS clients.\n Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT\n need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html\");\n script_id(861102);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2145\");\n script_cve_id(\"CVE-2007-4138\");\n script_name( \"Fedora Update for samba FEDORA-2007-2145\");\n\n script_summary(\"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.26a~0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-29T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58793", "id": "OPENVAS:58793", "title": "FreeBSD Ports: samba", "type": "openvas", "sourceData": "#\n#VID 2bc96f18-683f-11dc-82b6-02e0185f8d72\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: samba\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.samba.org/samba/security/CVE-2007-4138.html\nhttp://www.vuxml.org/freebsd/2bc96f18-683f-11dc-82b6-02e0185f8d72.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58793);\n script_version(\"$Revision: 4175 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-29 07:45:50 +0200 (Thu, 29 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-4138\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: samba\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"samba\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.0.26a,1\")<0) {\n txt += 'Package samba version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231059013", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231059013", "title": "Slackware Advisory SSA:2007-255-02 samba", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2007_255_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.59013\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-4138\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2007-255-02 samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.0|10\\.1|10\\.2|11\\.0|12\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2007-255-02\");\n\n script_tag(name:\"insight\", value:\"New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,\nand 12.0 to fix a security issue and various other bugs.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2007-255-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.26a-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:26", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2007-1017", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122634", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122634", "title": "Oracle Linux Local Check: ELSA-2007-1017", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-1017.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122634\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:54 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-1017\");\n script_tag(name:\"insight\", value:\"ELSA-2007-1017 - Critical: samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-1017\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-1017.html\");\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.25b~1.el5_1.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.25b~1.el5_1.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.25b~1.el5_1.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.25b~1.el5_1.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:41:52", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2018-04-06T00:00:00", "published": "2009-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855668", "id": "OPENVAS:1361412562310855668", "type": "openvas", "title": "Solaris Update for Samba 119757-15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119757-15\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855668\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119757-15\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name(\"Solaris Update for Samba 119757-15\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119757-15-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119757-15\", package:\"SUNWsmbar SUNWsmbaS SUNWsmbau SUNWsmbac\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:41", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855368", "id": "OPENVAS:1361412562310855368", "title": "Solaris Update for Samba 119758-14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119758-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855368\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119758-14\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name( \"Solaris Update for Samba 119758-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119758-14-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"119758-14\", package:\"SUNWsmbau SUNWsmbaS SUNWsmbac SUNWsmbar\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:10", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855051", "id": "OPENVAS:855051", "title": "Solaris Update for Samba 119757-14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119757-14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855051);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:28:12 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119757-14\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name( \"Solaris Update for Samba 119757-14\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119757-14-1\");\n\n script_summary(\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119757-14\", package:\"SUNWsmbau SUNWsmbaS SUNWsmbac SUNWsmbar\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:15", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2017-02-20T00:00:00", "published": "2009-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855634", "id": "OPENVAS:855634", "title": "Solaris Update for Samba 119758-15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119758-15\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855634);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119758-15\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name(\"Solaris Update for Samba 119758-15\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119758-15-1\");\n\n script_summary(\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"119758-15\", package:\"SUNWsmbar SUNWsmbaS SUNWsmbau SUNWsmbac\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:51", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2017-02-20T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855767", "id": "OPENVAS:855767", "title": "Solaris Update for Samba 119758-16", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119758-16\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855767);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 15:16:45 +0200 (Tue, 13 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119758-16\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name(\"Solaris Update for Samba 119758-16\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119758-16-1\");\n\n script_summary(\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"119758-16\", package:\"SUNWsmbar SUNWsmbaS SUNWsmbau SUNWsmbac\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:23", "bulletinFamily": "scanner", "description": "Check for the Version of Samba", "modified": "2018-04-06T00:00:00", "published": "2009-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855634", "id": "OPENVAS:1361412562310855634", "type": "openvas", "title": "Solaris Update for Samba 119758-15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Samba 119758-15\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Samba on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Samba\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855634\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"119758-15\");\n script_cve_id(\"CVE-2008-4314\", \"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2007-6015\", \"CVE-2007-0452\", \"CVE-2007-2444\", \"CVE-2007-2446\", \"CVE-2007-2447\");\n script_name(\"Solaris Update for Samba 119758-15\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-119758-15-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"119758-15\", package:\"SUNWsmbar SUNWsmbaS SUNWsmbau SUNWsmbac\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-01T03:29:33", "bulletinFamily": "scanner", "description": "According to its banner, the version of the Samba server installed on\nthe remote host is affected by a local privilege escalation\nvulnerability. Specifically, the Winbind nss_info extension, when the\n", "modified": "2019-11-02T00:00:00", "id": "SAMBA_3_0_26.NASL", "href": "https://www.tenable.com/plugins/nessus/17719", "published": "2011-11-18T00:00:00", "title": "Samba idmap_ad.so Winbind nss_info Extension Local Privilege Escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17719);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/27 18:38:14\");\n\n script_cve_id(\"CVE-2007-4138\");\n script_bugtraq_id(25636);\n\n script_name(english:\"Samba idmap_ad.so Winbind nss_info Extension Local Privilege Escalation\");\n script_summary(english:\"Checks version of Samba\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a local privilege escalation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of the Samba server installed on\nthe remote host is affected by a local privilege escalation\nvulnerability. Specifically, the Winbind nss_info extension, when the\n'winbind nss info' option is set to 'rfc2307' or 'sfu', grants local\nusers the privileges of gid 0 if the 'RFC2307' or 'Services for UNIX'\nprimary group attribute is not defined.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2007-4138.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Samba version 3.0.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n\nport = get_kb_item_or_exit(\"SMB/transport\");\n\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\nif (\"Samba \" >!< lanman) exit(0, \"The SMB service listening on port \"+port+\" is not running Samba.\");\n\nversion = lanman - 'Samba ';\n\nif (ereg(pattern:\"^3\\.0\\.25($|[^0-9a-z]|pre|rc|[a-c])[^0-9]*$\", string:version, icase:TRUE))\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : 3.0.26\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse exit(0, \"The Samba \"+version+\" install listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:37:19", "bulletinFamily": "scanner", "description": "The Samba development team reports :\n\nThe idmap_ad.so library provides an nss_info extension to Winbind for\nretrieving a user", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_2BC96F18683F11DC82B602E0185F8D72.NASL", "href": "https://www.tenable.com/plugins/nessus/26087", "published": "2007-09-24T00:00:00", "title": "FreeBSD : samba -- nss_info plugin privilege escalation vulnerability (2bc96f18-683f-11dc-82b6-02e0185f8d72)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26087);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:38\");\n\n script_cve_id(\"CVE-2007-4138\");\n\n script_name(english:\"FreeBSD : samba -- nss_info plugin privilege escalation vulnerability (2bc96f18-683f-11dc-82b6-02e0185f8d72)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Samba development team reports :\n\nThe idmap_ad.so library provides an nss_info extension to Winbind for\nretrieving a user's home directory path, login shell and primary group\nid from an Active Directory domain controller. This functionality is\nenabled by defining the 'winbind nss info' smb.conf option to either\n'sfu' or 'rfc2307'.\n\nBoth the Windows 'Identity Management for Unix' and 'Services for\nUnix' MMC plug-ins allow a user to be assigned a primary group for\nUnix clients that differs from the user's Windows primary group. When\nthe rfc2307 or sfu nss_info plugin has been enabled, in the absence of\neither the RFC2307 or SFU primary group attribute, Winbind will assign\na primary group ID of 0 to the domain user queried using the\ngetpwnam() C library call.\"\n );\n # http://www.samba.org/samba/security/CVE-2007-4138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2007-4138.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2bc96f18-683f-11dc-82b6-02e0185f8d72.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75c47335\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba<3.0.26a\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba>*,1<3.0.26a,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:10:45", "bulletinFamily": "scanner", "description": "New samba packages are available for Slackware 10.0, 10.1, 10.2,\n11.0, and 12.0 to fix a security issue and various other bugs.", "modified": "2019-11-02T00:00:00", "id": "SLACKWARE_SSA_2007-255-02.NASL", "href": "https://www.tenable.com/plugins/nessus/26054", "published": "2007-09-14T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 : samba (SSA:2007-255-02)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2007-255-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(26054);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:21\");\n\n script_cve_id(\"CVE-2007-4138\");\n script_xref(name:\"SSA\", value:\"2007-255-02\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 : samba (SSA:2007-255-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New samba packages are available for Slackware 10.0, 10.1, 10.2,\n11.0, and 12.0 to fix a security issue and various other bugs.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21906586\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.0\", pkgname:\"samba\", pkgver:\"3.0.26a\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"samba\", pkgver:\"3.0.26a\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"samba\", pkgver:\"3.0.26a\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"samba\", pkgver:\"3.0.26a\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"samba\", pkgver:\"3.0.26a\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:26:32", "bulletinFamily": "scanner", "description": "This release fixes a security bug in the 3.0.25 series. It also add\nsome bug fixes initially stated to be released in the suppressed\n3.0.25d version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2007-2145.NASL", "href": "https://www.tenable.com/plugins/nessus/27754", "published": "2007-11-06T00:00:00", "title": "Fedora 7 : samba-3.0.26a-0.fc7 (2007-2145)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2145.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27754);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:25\");\n\n script_cve_id(\"CVE-2007-4138\");\n script_xref(name:\"FEDORA\", value:\"2007-2145\");\n\n script_name(english:\"Fedora 7 : samba-3.0.26a-0.fc7 (2007-2145)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes a security bug in the 3.0.25 series. It also add\nsome bug fixes initially stated to be released in the suppressed\n3.0.25d version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003726.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc420e4d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"libsmbclient-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libsmbclient-devel-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-client-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-common-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-debuginfo-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-doc-3.0.26a-0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"samba-swat-3.0.26a-0.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:14:10", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:1016 :\n\nUpdated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2007-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/67597", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : samba (ELSA-2007-1016)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1016 and \n# Oracle Linux Security Advisory ELSA-2007-1016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67597);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n script_bugtraq_id(26454, 26455);\n script_xref(name:\"RHSA\", value:\"2007:1016\");\n\n script_name(english:\"Oracle Linux 4 : samba (ELSA-2007-1016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1016 :\n\nUpdated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the 'winbind nss info' parameter in smb.conf is set to\neither 'sfu' or 'rfc2307', Samba users are incorrectly assigned the\ngroup ID of 0. (CVE-2007-4138)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick\nKing, and the Samba developers for responsibly disclosing these\nissues.\n\nAll Samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000425.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"samba-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"samba-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"samba-client-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"samba-client-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"samba-common-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"samba-common-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"samba-swat-3.0.25b-1.el4_6.2\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"samba-swat-3.0.25b-1.el4_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:16", "bulletinFamily": "scanner", "description": "Updated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2007-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/28245", "published": "2007-11-16T00:00:00", "title": "RHEL 4 : samba (RHSA-2007:1016)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28245);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/10/25 13:36:12\");\n\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n script_bugtraq_id(26454, 26455);\n script_xref(name:\"RHSA\", value:\"2007:1016\");\n\n script_name(english:\"RHEL 4 : samba (RHSA-2007:1016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the 'winbind nss info' parameter in smb.conf is set to\neither 'sfu' or 'rfc2307', Samba users are incorrectly assigned the\ngroup ID of 0. (CVE-2007-4138)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick\nKing, and the Samba developers for responsibly disclosing these\nissues.\n\nAll Samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1016\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"samba-3.0.25b-1.el4_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-client-3.0.25b-1.el4_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-common-3.0.25b-1.el4_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"samba-swat-3.0.25b-1.el4_6.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:15:07", "bulletinFamily": "scanner", "description": "Updated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2007-1016.NASL", "href": "https://www.tenable.com/plugins/nessus/67059", "published": "2013-06-29T00:00:00", "title": "CentOS 4 : samba (CESA-2007:1016)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1016 and \n# CentOS Errata and Security Advisory 2007:1016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67059);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n script_bugtraq_id(26454, 26455);\n script_xref(name:\"RHSA\", value:\"2007:1016\");\n\n script_name(english:\"CentOS 4 : samba (CESA-2007:1016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the 'winbind nss info' parameter in smb.conf is set to\neither 'sfu' or 'rfc2307', Samba users are incorrectly assigned the\ngroup ID of 0. (CVE-2007-4138)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick\nKing, and the Samba developers for responsibly disclosing these\nissues.\n\nAll Samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06d5d044\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"samba-3.0.25b-1.c4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"samba-client-3.0.25b-1.c4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"samba-common-3.0.25b-1.c4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"samba-swat-3.0.25b-1.c4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:16", "bulletinFamily": "scanner", "description": "Updated samba packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2007-1017.NASL", "href": "https://www.tenable.com/plugins/nessus/28246", "published": "2007-11-16T00:00:00", "title": "RHEL 5 : samba (RHSA-2007:1017)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1017. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28246);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2019/10/25 13:36:12\");\n\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n script_bugtraq_id(26454, 26455);\n script_xref(name:\"RHSA\", value:\"2007:1017\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2007:1017)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files,\nprinters, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the 'winbind nss info' parameter in smb.conf is set to\neither 'sfu' or 'rfc2307', Samba users are incorrectly assigned the\ngroup ID of 0. (CVE-2007-4138)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick\nKing, and the Samba developers for responsibly disclosing these\nissues.\n\nAll Samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1017\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1017\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.25b-1.el5_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.25b-1.el5_1.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:12:45", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the ", "modified": "2019-11-02T00:00:00", "id": "SL_20071115_SAMBA_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60309", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba on SL5.x, SL4.x, SL3.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60309);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2007-4138\", \"CVE-2007-4572\", \"CVE-2007-5398\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x, SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way Samba creates NetBIOS\nreplies. If a Samba server is configured to run as a WINS server, a\nremote unauthenticated user could cause the Samba server to crash or\nexecute arbitrary code. (CVE-2007-5398)\n\nA heap based buffer overflow flaw was found in the way Samba\nauthenticates users. A remote unauthenticated user could trigger this\nflaw to cause the Samba server to crash. Careful analysis of this flaw\nhas determined that arbitrary code execution is not possible, and\nunder most circumstances will not result in a crash of the Samba\nserver. (CVE-2007-4572)\n\nA flaw was found in the way Samba assigned group IDs under certain\nconditions. If the 'winbind nss info' parameter in smb.conf is set to\neither 'sfu' or 'rfc2307', Samba users are incorrectly assigned the\ngroup ID of 0. (CVE-2007-4138)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=2863\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62e21249\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"samba-3.0.9-1.3E.14.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-client-3.0.9-1.3E.14.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-common-3.0.9-1.3E.14.1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"samba-swat-3.0.9-1.3E.14.1\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"samba-3.0.25b-1.el4.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-client-3.0.25b-1.el4.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-common-3.0.25b-1.el4.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"samba-swat-3.0.25b-1.el4.2\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.25b-1.el5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.25b-1.el5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.25b-1.el5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.25b-1.el5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:32", "bulletinFamily": "unix", "description": "\nThe Samba development team reports:\n\nThe idmap_ad.so library provides an nss_info extension to\n\t Winbind for retrieving a user's home directory path, login\n\t shell and primary group id from an Active Directory domain\n\t controller. This functionality is enabled by defining the\n\t \"winbind nss info\" smb.conf option to either \"sfu\" or\n\t \"rfc2307\".\nBoth the Windows \"Identity Management for Unix\" and\n\t \"Services for Unix\" MMC plug-ins allow a user to be assigned\n\t a primary group for Unix clients that differs from the user's\n\t Windows primary group. When the rfc2307 or sfu nss_info plugin\n\t has been enabled, in the absence of either the RFC2307 or SFU\n\t primary group attribute, Winbind will assign a primary group ID\n\t of 0 to the domain user queried using the getpwnam() C library\n\t call.\n\n", "modified": "2008-09-26T00:00:00", "published": "2007-09-11T00:00:00", "id": "2BC96F18-683F-11DC-82B6-02E0185F8D72", "href": "https://vuxml.freebsd.org/freebsd/2bc96f18-683f-11dc-82b6-02e0185f8d72.html", "title": "samba -- nss_info plugin privilege escalation vulnerability", "type": "freebsd", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:59:08", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 25636\r\nCVE(CAN) ID: CVE-2007-4138\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nidmap_ad.so\u5e93\u4e2d\u4e3aWinbind\u63d0\u4f9b\u4e86nss_info\u6269\u5c55\u7528\u4e8e\u4ece\u6d3b\u52a8\u76ee\u5f55\u57df\u63a7\u5236\u53f0\u68c0\u7d22\u7528\u6237\u7684\u4e3b\u76ee\u5f55\u8def\u5f84\u3001\u767b\u5f55shell\u548c\u4e3b\u7ec4id\u7b49\uff0c\u53ef\u901a\u8fc7\u5c06winbind nss info\u7684smb.conf\u9009\u9879\u5b9a\u4e49\u4e3asfu\u6216rfc2307\u6765\u542f\u7528\u8fd9\u4e2a\u529f\u80fd\u3002\r\n\r\nWindows\u7684Identity Management for Unix\u548cServices for Unix MMC\u63d2\u4ef6\u5141\u8bb8\u4e3a\u7528\u6237\u5206\u914d\u4e00\u4e2a\u4e0eWindows\u4e3b\u7ec4\u6240\u4e0d\u540c\u7684Unix\u5ba2\u6237\u7aef\u4e3b\u7ec4\u3002\u5728\u542f\u7528\u4e86rfc2307\u6216sfu nss_info\u63d2\u4ef6\u7684\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u7f3a\u5c11RFC2307\u6216SFU\u4e3b\u7ec4\u5c5e\u6027\uff0cWinbind\u5c31\u4f1a\u4f7f\u7528getpwnam() C\u5e93\u8c03\u7528\u4e3a\u67e5\u8be2\u7684\u57df\u7528\u6237\u5206\u914d\u4e3b\u7ec4ID 0\uff0c\u8fd9\u5c31\u5141\u8bb8\u7528\u6237\u83b7\u5f97\u4e86root\u6743\u9650\u3002\r\n\n\nSamba 3.0.25 - 3.0.25c\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u786e\u4fdd\u6240\u6709\u5b58\u50a8\u5728AD\u4e2d\u7684\u7528\u6237\u90fd\u5206\u914d\u4e86Unix\u4e3b\u7ec4\u3002\r\n* \u4e0d\u518d\u4f7f\u7528sfu\u6216rfc2307 \u201cwinbind nss info\u201d\u63d2\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://us4.samba.org/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch\" target=\"_blank\">http://us4.samba.org/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch</a>\r\n<a href=\"http://www.samba.org/samba/ftp/stable/samba-3.0.26.tar.gz\" target=\"_blank\">http://www.samba.org/samba/ftp/stable/samba-3.0.26.tar.gz</a>", "modified": "2007-09-12T00:00:00", "published": "2007-09-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2213", "id": "SSV:2213", "title": "Samba NSS_Info\u63d2\u4ef6\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "samba": [{"lastseen": "2019-05-29T17:19:11", "bulletinFamily": "software", "description": "The idmap_ad.so library provides an nss_info extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf option to either "sfu" or "rfc2307".\nBoth the Windows "Identity Management for Unix" and "Services for Unix" MMC plug-ins allow a user to be assigned a primary group for Unix clients that differs from the user's Windows primary group. When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call.", "modified": "2007-09-11T00:00:00", "published": "2007-09-11T00:00:00", "id": "SAMBA:CVE-2007-4138", "href": "https://www.samba.org/samba/security/CVE-2007-4138.html", "title": "Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin. ", "type": "samba", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:26764](https://secuniaresearch.flexerasoftware.com/advisories/26764/)\n[Secunia Advisory ID:26776](https://secuniaresearch.flexerasoftware.com/advisories/26776/)\n[Secunia Advisory ID:26795](https://secuniaresearch.flexerasoftware.com/advisories/26795/)\n[Secunia Advisory ID:26834](https://secuniaresearch.flexerasoftware.com/advisories/26834/)\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000242.html\nOther Advisory URL: http://samba.org/samba/security/CVE-2007-4138.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html\nFrSIRT Advisory: ADV-2007-3120\n[CVE-2007-4138](https://vulners.com/cve/CVE-2007-4138)\nBugtraq ID: 25636\n", "modified": "2007-09-11T16:21:30", "published": "2007-09-11T16:21:30", "href": "https://vulners.com/osvdb/OSVDB:39178", "id": "OSVDB:39178", "title": "Samba idmap_ad.so Winbind nss_info Extension (nsswitch/idmap_ad.c) Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "description": "Gid 0 is assigned to user, if "winbind nss info" configuration parameter has value "sfu" or "rfc2307".", "modified": "2007-09-11T00:00:00", "published": "2007-09-11T00:00:00", "id": "SECURITYVULNS:VULN:8135", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8135", "title": "Samba nss_info extension privilege escalation", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n==========================================================\r\n==\r\n== Subject: Incorrect primary group assignment for\r\n== domain users using the rfc2307 or sfu\r\n== winbind nss info plugin.\r\n==\r\n== CVE ID#: CVE-2007-4138\r\n==\r\n== Versions: Samba 3.0.25 - 3.0.25c (inclusive)\r\n==\r\n== Summary: When the "winbind nss info" parameter in\r\n== smb.conf is set to either "sfu" or "rfc2307",\r\n== Windows users are incorrectly assigned\r\n== a primary gid of 0 in the absence of the\r\n== RFC2307 or Services or Unix (SFU) primary\r\n== group attributes.\r\n==\r\n==========================================================\r\n\r\n===========\r\nDescription\r\n===========\r\n\r\nThe idmap_ad.so library provides an nss_info extension to Winbind\r\nfor retrieving a user's home directory path, login shell and\r\nprimary group id from an Active Directory domain controller. This\r\nfunctionality is enabled by defining the "winbind nss info"\r\nsmb.conf option to either "sfu" or "rfc2307".\r\n\r\nBoth the Windows "Identity Management for Unix" and "Services for\r\nUnix" MMC plug-ins allow a user to be assigned a primary group\r\nfor Unix clients that differs from the user's Windows primary group.\r\nWhen the rfc2307 or sfu nss_info plugin has been enabled, in\r\nthe absence of either the RFC2307 or SFU primary group attribute,\r\nWinbind will assign a primary group ID of 0 to the domain user\r\nqueried using the getpwnam() C library call.\r\n\r\n\r\n==================\r\nPatch Availability\r\n==================\r\n\r\nA patch addressing this defect has been posted to\r\n\r\n http://www.samba.org/samba/security/\r\n\r\nAdditionally, Samba 3.0.26 has been issued as a security\r\nrelease to correct the defect.\r\n\r\n\r\n==========\r\nWorkaround\r\n==========\r\n\r\nSamba and Active Directory administrators may avoid this security\r\nissue by two methods:\r\n\r\n(a) Ensure that all user's stored in AD are properly assigned a\r\n Unix primary group, or\r\n(b) Discontinue use of the sfu or rfc2307 "winbind nss info" plugin\r\n until a patched version of the idmap_ad.so library can be\r\n installed.\r\n\r\nNote that the problem is only evident on servers using the sfu\r\nor rfc2307 "winbind nss info" plugin and not those only making\r\nuse of Winbind's idmap_ad IDMap backend interface.\r\n\r\n\r\n=======\r\nCredits\r\n=======\r\n\r\nThis vulnerability was reported to Samba developers by Rick King\r\nas Samba Bug #4927.\r\n\r\nThe time line is as follows:\r\n\r\n* Aug 29, 2007: Initial report from Rick King.\r\n* Aug 29, 2007: First response from Samba developers confirming\r\n the bug along with a proposed patch.\r\n* Sep 4, 2007: Announcement to vendor-sec mailing list.\r\n* Sep 11, 2007: Public security advisory made available.\r\n\r\n\r\n\r\n==========================================================\r\n== Our Code, Our Bugs, Our Responsibility.\r\n== The Samba Team\r\n==========================================================\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.2.2 (Darwin)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFG5oH3IR7qMdg1EfYRAk/lAKCSKhAfe/oIJXVtjDMWwr0eAdun9QCfXv3k\r\nddDRZWO/EauwP7vmC2PSyX4=\r\n=QW1q\r\n-----END PGP SIGNATURE-----", "modified": "2007-09-11T00:00:00", "published": "2007-09-11T00:00:00", "id": "SECURITYVULNS:DOC:17978", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17978", "title": "[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:42", "bulletinFamily": "unix", "description": "New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,\nand 12.0 to fix a security issue and various other bugs.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/samba-3.0.26a-i486-1_slack12.0.tgz:\n Upgraded to samba-3.0.26a.\n This fixes a security issue in all Samba 3.0.25 versions:\n "Incorrect primary group assignment for domain users using the rfc2307\n or sfu winbind nss info plugin."\n For more information, see:\n http://www.samba.org/samba/security/CVE-2007-4138.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.26a-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.26a-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.26a-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.26a-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\n81fa953e94a089cc6fca0829055cbd3d samba-3.0.26a-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ncfe1ded07f0a67f4645b6bc7a2a10d1a samba-3.0.26a-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\ne07026225d3eefa85c655eb14f59ee4a samba-3.0.26a-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n3cef7747505fe8b408880e11ef84a95d samba-3.0.26a-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n4b4b3942f45c8764c6e0a04ed807cd89 samba-3.0.26a-i486-1_slack12.0.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-3.0.26a-i486-1_slack12.0.tgz\n\nRestart Samba:\n > /etc/rc.d/rc.samba restart", "modified": "2007-09-12T14:56:57", "published": "2007-09-12T14:56:57", "id": "SSA-2007-255-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439", "title": "samba", "type": "slackware", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:58", "bulletinFamily": "unix", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.", "modified": "2017-09-08T12:13:50", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:1017", "href": "https://access.redhat.com/errata/RHSA-2007:1017", "type": "redhat", "title": "(RHSA-2007:1017) Critical: samba security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:12", "bulletinFamily": "unix", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.", "modified": "2017-09-08T11:53:32", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:1016", "href": "https://access.redhat.com/errata/RHSA-2007:1016", "type": "redhat", "title": "(RHSA-2007:1016) Critical: samba security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "unix", "description": " [3.0.25b-1]\n - samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin\n - samba buffer overflow\n - Samba \"reply_netbios_packet()\" Buffer Overflow Vulnerability ", "modified": "2007-12-04T00:00:00", "published": "2007-12-04T00:00:00", "id": "ELSA-2007-1016", "href": "http://linux.oracle.com/errata/ELSA-2007-1016.html", "title": "Critical: samba security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "unix", "description": " [3.0.25b-0.el5_1.1]\n - Security fix for CVE-2007-4138\n - Security fix for CVE-2007-4572\n - Security fix for CVE-2007-5398\n - Multilib Fix\n - resolves: #351501\n - resolves: #350761\n - resolves: #359151\n - resolves: #356851\n \n -------------- next part --------------\n An HTML attachment was scrubbed...\n URL: http://oss.oracle.com/pipermail/el-errata/attachments/20071123/ec47524f/attachment.html ", "modified": "2007-11-23T00:00:00", "published": "2007-11-23T00:00:00", "id": "ELSA-2007-1017", "href": "http://linux.oracle.com/errata/ELSA-2007-1017.html", "title": "Critical: samba security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1016\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014428.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014442.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1016.html", "modified": "2007-11-16T04:39:39", "published": "2007-11-15T18:56:31", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/014428.html", "id": "CESA-2007:1016", "title": "samba security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
