KAV's kernel patching is not limited to just system services, however. One of the most dangerous hooks that KAV installs is one in the middle of the nt!SwapContext function, which is neither exported nor a system service (and thus has no reliable mechanism to be detected by driver code, other than code fingerprinting). nt!SwapContext is called by the kernel on every context switch in order to perform some internal bookkeeping tasks.
Patching such a critical, non-exported kernel function with a mechanism as unreliable as blind code fingerprinting is, in the author's opinion, not a particularly good idea. To make matters worse, KAV actually modifies code in the middle of nt!SwapContext instead of patching the start of the function, and as such makes assumptions about the internal register and stack usage of this kernel function.
This is an extremely dangerous patching operation to make, for several reasons:
nt!SwapContext is a very hot code path, as it is called on every single context switch. Therefore, patching it at runtime without running a non-trivial risk of bringing down the system is very difficult, especially on multiprocessor systems. KAV attempts to solve the synchronization problems relating to patching this function on uniprocessor systems by disabling interrupts entirely, but this approach will not work reliably on multiprocessor systems. KAV makes no attempt to address this problem on multiprocessor systems and puts them at the risk of randomly failing on boot during KAV's patching.
Reliably locating this function and making assumptions about the register and stack usage (and instruction layout) across all released and future Windows versions is a practical impossibility, and yet KAV attempts to do just this. This puts KAV customers at the mercy of the next Windows update, which may cause their systems to crash on boot because KAV's hooking code makes an assumption that has been invalidated about the context-switching process.
Additionally, in order to perform code patching on the kernel, KAV adjusts the page protections of kernel code to be writable by altering PTE attributes directly instead of using documented functions (which would have proper locking semantics for accessing internal memory management structures).
KAV nt!SwapContext patching:
.text:F82264EA mov eax, 90909090h ; Build the code to be written to nt!SwapContext
.text:F82264EF mov [ebp+var_38], eax
.text:F82264F2 mov [ebp+var_34], eax
.text:F82264F5 mov [ebp+var_30], ax
.text:F82264F9 mov byte ptr [ebp+var_38], 0E9h
.text:F82264FD mov ecx, offset KavSwapContext
.text:F8226502 sub ecx, ebx
.text:F8226504 sub ecx, 5
.text:F8226507 mov [ebp+var_38+1], ecx
.text:F822650A mov ecx, [ebp+var_1C]
.text:F822650D lea edx, [ecx+ebx]
.text:F8226510 mov dword_F8228338, edx
.text:F8226516 mov esi, ebx
.text:F8226518 mov edi, offset unk_F8227DBC
.text:F822651D mov eax, ecx
.text:F822651F shr ecx, 2
.text:F8226522 rep movsd
.text:F8226524 mov ecx, eax
.text:F8226526 and ecx, 3
.text:F8226529 rep movsb
.text:F822652B lea ecx, [ebp+var_48] ; Make nt!SwapContext writable by directly accessing
.text:F822652B ; the PTEs.
.text:F822652E push ecx
.text:F822652F push 1
.text:F8226531 push ebx
.text:F8226532 call ModifyPteAttributes
.text:F8226537 test al, al
.text:F8226539 jz short loc_F8226588
.text:F822653B mov ecx, offset KavInternalSpinLock
.text:F8226540 call KavSpinLockAcquire ; Disable interrupts
.text:F8226545 mov ecx, [ebp+var_1C] ; Write to kernel code
.text:F8226548 lea esi, [ebp+var_38]
.text:F822654B mov edi, ebx
.text:F822654D mov edx, ecx
.text:F822654F shr ecx, 2
.text:F8226552 rep movsd
.text:F8226554 mov ecx, edx
.text:F8226556 and ecx, 3
.text:F8226559 rep movsb
.text:F822655B mov edx, eax
.text:F822655D mov ecx, offset KavInternalSpinLock
.text:F8226562 call KavSpinLockRelease ; Reenable interrupts
.text:F8226567 lea eax, [ebp+var_48] ; Restore the original PTE attributes.
.text:F822656A push eax
.text:F822656B mov ecx, [ebp+var_48]
.text:F822656E push ecx
.text:F822656F push ebx
.text:F8226570 call ModifyPteAttributes
.text:F8226575 mov al, 1
.text:F8226577 mov ecx, [ebp+var_10]
.text:F822657A mov large fs:0, ecx
.text:F8226581 pop edi
.text:F8226582 pop esi
.text:F8226583 pop ebx
.text:F8226584 mov esp, ebp
.text:F8226586 pop ebp
.text:F8226587 retn
.text:F82203C0 ModifyPteAttributes proc near ; CODE XREF: sub_F821A9D0+91p
.text:F82203C0 ; sub_F8220950+43p ...
.text:F82203C0
.text:F82203C0 var_24 = dword ptr -24h
.text:F82203C0 var_20 = byte ptr -20h
.text:F82203C0 var_1C = dword ptr -1Ch
.text:F82203C0 var_18 = dword ptr -18h
.text:F82203C0 var_10 = dword ptr -10h
.text:F82203C0 var_4 = dword ptr -4
.text:F82203C0 arg_0 = dword ptr 8
.text:F82203C0 arg_4 = byte ptr 0Ch
.text:F82203C0 arg_8 = dword ptr 10h
.text:F82203C0
.text:F82203C0 push ebp
.text:F82203C1 mov ebp, esp
.text:F82203C3 push 0FFFFFFFFh
.text:F82203C5 push offset dword_F8212180
.text:F82203CA push offset _except_handler3
.text:F82203CF mov eax, large fs:0
.text:F82203D5 push eax
.text:F82203D6 mov large fs:0, esp
.text:F82203DD sub esp, 14h
.text:F82203E0 push ebx
.text:F82203E1 push esi
.text:F82203E2 push edi
.text:F82203E3 mov [ebp+var_18], esp
.text:F82203E6 xor ebx, ebx
.text:F82203E8 mov [ebp+var_20], bl
.text:F82203EB mov esi, [ebp+arg_0]
.text:F82203EE mov ecx, esi
.text:F82203F0 call KavGetEflags
.text:F82203F5 push esi
.text:F82203F6 call KavGetPte ; This is a function pointer filled in at runtime,
.text:F82203F6 ; differing based on whether the system has PAE
.text:F82203F6 ; enabled or not.
.text:F82203FC mov edi, eax
.text:F82203FE mov [ebp+var_1C], edi
.text:F8220401 cmp edi, 0FFFFFFFFh
.text:F8220404 jz short loc_F8220458
.text:F8220406 mov [ebp+var_4], ebx
.text:F8220409 mov ecx, esi
.text:F822040B call KavGetEflags
.text:F8220410 mov eax, [edi]
.text:F8220412 test al, 1
.text:F8220414 jz short loc_F8220451
.text:F8220416 mov ecx, eax
.text:F8220418 mov [ebp+var_24], ecx
.text:F822041B cmp [ebp+arg_4], bl
.text:F822041E jz short loc_F8220429
.text:F8220420 mov eax, [ebp+var_1C]
.text:F8220423 lock or dword ptr [eax], 2
.text:F8220427 jmp short loc_F8220430
.text:F8220429 ; ---------------------------------------------------------------------------
.text:F8220429
.text:F8220429 loc_F8220429: ; CODE XREF: ModifyPteAttributes+5Ej
.text:F8220429 mov eax, [ebp+var_1C]
.text:F822042C lock and dword ptr [eax], 0FFFFFFFDh
.text:F8220430
.text:F8220430 loc_F8220430: ; CODE XREF: ModifyPteAttributes+67j
.text:F8220430 mov eax, [ebp+arg_8]
.text:F8220433 cmp eax, ebx
.text:F8220435 jz short loc_F822043C
.text:F8220437 and ecx, 2
.text:F822043A mov [eax], cl
.text:F822043C
.text:F822043C loc_F822043C: ; CODE XREF: ModifyPteAttributes+75j
.text:F822043C mov [ebp+var_20], 1
.text:F8220440 mov eax, [ebp+arg_0]
.text:F8220443 invlpg byte ptr [eax]
.text:F8220446 jmp short loc_F8220451
.text:F8220448 ; ---------------------------------------------------------------------------
.text:F8220448
.text:F8220448 loc_F8220448: ; DATA XREF: .text:F8212184o
.text:F8220448 mov eax, 1
.text:F822044D retn
.text:F822044E ; ---------------------------------------------------------------------------
.text:F822044E
.text:F822044E loc_F822044E: ; DATA XREF: .text:F8212188o
.text:F822044E mov esp, [ebp-18h]
.text:F8220451
.text:F8220451 loc_F8220451: ; CODE XREF: ModifyPteAttributes+54j
.text:F8220451 ; ModifyPteAttributes+86j
.text:F8220451 mov [ebp+var_4], 0FFFFFFFFh
.text:F8220458
.text:F8220458 loc_F8220458: ; CODE XREF: ModifyPteAttributes+44j
.text:F8220458 mov al, [ebp+var_20]
.text:F822045B mov ecx, [ebp+var_10]
.text:F822045E mov large fs:0, ecx
.text:F8220465 pop edi
.text:F8220466 pop esi
.text:F8220467 pop ebx
.text:F8220468 mov esp, ebp
.text:F822046A pop ebp
.text:F822046B retn 0Ch
.text:F822046B ModifyPteAttributes endp
{"id": "SECURITYVULNS:DOC:13197", "bulletinFamily": "software", "title": "Patching non-exported, non-system-service kernel functions", "description": "Patching non-exported, non-system-service kernel functions\r\n\r\nKAV's kernel patching is not limited to just system services, however. One of the most dangerous hooks that KAV installs is one in the middle of the nt!SwapContext function, which is neither exported nor a system service (and thus has no reliable mechanism to be detected by driver code, other than code fingerprinting). nt!SwapContext is called by the kernel on every context switch in order to perform some internal bookkeeping tasks.\r\n\r\nPatching such a critical, non-exported kernel function with a mechanism as unreliable as blind code fingerprinting is, in the author's opinion, not a particularly good idea. To make matters worse, KAV actually modifies code in the middle of nt!SwapContext instead of patching the start of the function, and as such makes assumptions about the internal register and stack usage of this kernel function.\r\n\r\nkd> u nt!SwapContext\r\nnt!SwapContext:\r\n804db924 0ac9 or cl,cl\r\n804db926 26c6462d02 mov byte ptr es:[esi+0x2d],0x2\r\n804db92b 9c pushfd\r\n804db92c 8b0b mov ecx,[ebx]\r\n804db92e e9dd69d677 jmp klif!KavSwapContext (f8242310)\r\n\r\nThe unmodified nt!SwapContext has code that runs along the lines of this:\r\n\r\nlkd> u nt!SwapContext\r\nnt!SwapContext:\r\n80540ab0 0ac9 or cl,cl\r\n80540ab2 26c6462d02 mov byte ptr es:[esi+0x2d],0x2\r\n80540ab7 9c pushfd\r\n80540ab8 8b0b mov ecx,[ebx]\r\n80540aba 83bb9409000000 cmp dword ptr [ebx+0x994],0x0\r\n80540ac1 51 push ecx\r\n80540ac2 0f8535010000 jne nt!SwapContext+0x14d (80540bfd)\r\n80540ac8 833d0ca0558000 cmp dword ptr [nt!PPerfGlobalGroupMask (8055a00c)],0x0\r\n\r\nThis is an extremely dangerous patching operation to make, for several reasons:\r\n\r\n 1. nt!SwapContext is a *very* hot code path, as it is called on every single context switch. Therefore, patching it at runtime without running a non-trivial risk of bringing down the system is very difficult, especially on multiprocessor systems. KAV attempts to solve the synchronization problems relating to patching this function on uniprocessor systems by disabling interrupts entirely, but this approach will not work reliably on multiprocessor systems. KAV makes no attempt to address this problem on multiprocessor systems and puts them at the risk of randomly failing on boot during KAV's patching.\r\n\r\n 2. Reliably locating this function and making assumptions about the register and stack usage (and instruction layout) across all released and future Windows versions is a practical impossibility, and yet KAV attempts to do just this. This puts KAV customers at the mercy of the next Windows update, which may cause their systems to crash on boot because KAV's hooking code makes an assumption that has been invalidated about the context-switching process.\r\n\r\nAdditionally, in order to perform code patching on the kernel, KAV adjusts the page protections of kernel code to be writable by altering PTE attributes directly instead of using documented functions (which would have proper locking semantics for accessing internal memory management structures).\r\n\r\nKAV nt!SwapContext patching:\r\n\r\n.text:F82264EA mov eax, 90909090h ; Build the code to be written to nt!SwapContext\r\n.text:F82264EF mov [ebp+var_38], eax\r\n.text:F82264F2 mov [ebp+var_34], eax\r\n.text:F82264F5 mov [ebp+var_30], ax\r\n.text:F82264F9 mov byte ptr [ebp+var_38], 0E9h\r\n.text:F82264FD mov ecx, offset KavSwapContext\r\n.text:F8226502 sub ecx, ebx\r\n.text:F8226504 sub ecx, 5\r\n.text:F8226507 mov [ebp+var_38+1], ecx\r\n.text:F822650A mov ecx, [ebp+var_1C]\r\n.text:F822650D lea edx, [ecx+ebx]\r\n.text:F8226510 mov dword_F8228338, edx\r\n.text:F8226516 mov esi, ebx\r\n.text:F8226518 mov edi, offset unk_F8227DBC\r\n.text:F822651D mov eax, ecx\r\n.text:F822651F shr ecx, 2\r\n.text:F8226522 rep movsd\r\n.text:F8226524 mov ecx, eax\r\n.text:F8226526 and ecx, 3\r\n.text:F8226529 rep movsb\r\n.text:F822652B lea ecx, [ebp+var_48] ; Make nt!SwapContext writable by directly accessing\r\n.text:F822652B ; the PTEs.\r\n.text:F822652E push ecx\r\n.text:F822652F push 1\r\n.text:F8226531 push ebx\r\n.text:F8226532 call ModifyPteAttributes\r\n.text:F8226537 test al, al\r\n.text:F8226539 jz short loc_F8226588\r\n.text:F822653B mov ecx, offset KavInternalSpinLock\r\n.text:F8226540 call KavSpinLockAcquire ; Disable interrupts\r\n.text:F8226545 mov ecx, [ebp+var_1C] ; Write to kernel code\r\n.text:F8226548 lea esi, [ebp+var_38]\r\n.text:F822654B mov edi, ebx\r\n.text:F822654D mov edx, ecx\r\n.text:F822654F shr ecx, 2\r\n.text:F8226552 rep movsd\r\n.text:F8226554 mov ecx, edx\r\n.text:F8226556 and ecx, 3\r\n.text:F8226559 rep movsb\r\n.text:F822655B mov edx, eax\r\n.text:F822655D mov ecx, offset KavInternalSpinLock\r\n.text:F8226562 call KavSpinLockRelease ; Reenable interrupts\r\n.text:F8226567 lea eax, [ebp+var_48] ; Restore the original PTE attributes.\r\n.text:F822656A push eax\r\n.text:F822656B mov ecx, [ebp+var_48]\r\n.text:F822656E push ecx\r\n.text:F822656F push ebx\r\n.text:F8226570 call ModifyPteAttributes\r\n.text:F8226575 mov al, 1\r\n.text:F8226577 mov ecx, [ebp+var_10]\r\n.text:F822657A mov large fs:0, ecx\r\n.text:F8226581 pop edi\r\n.text:F8226582 pop esi\r\n.text:F8226583 pop ebx\r\n.text:F8226584 mov esp, ebp\r\n.text:F8226586 pop ebp\r\n.text:F8226587 retn\r\n\r\nKavSpinLockAcquire subroutine (disables interrupts):\r\n\r\n.text:F8221240 KavSpinLockAcquire proc near ; CODE XREF: sub_F8225690+D7p\r\n.text:F8221240 ; sub_F8225D50+8Cp ...\r\n.text:F8221240 pushf\r\n.text:F8221241 pop eax\r\n.text:F8221242\r\n.text:F8221242 loc_F8221242: ; CODE XREF: KavSpinLockAcquire+13j\r\n.text:F8221242 cli\r\n.text:F8221243 lock bts dword ptr [ecx], 0\r\n.text:F8221248 jb short loc_F822124B\r\n.text:F822124A retn\r\n.text:F822124B ; ---------------------------------------------------------------------------\r\n.text:F822124B\r\n.text:F822124B loc_F822124B: ; CODE XREF: KavSpinLockAcquire+8j\r\n.text:F822124B push eax\r\n.text:F822124C popf\r\n.text:F822124D\r\n.text:F822124D loc_F822124D: ; CODE XREF: KavSpinLockAcquire+17j\r\n.text:F822124D test dword ptr [ecx], 1\r\n.text:F8221253 jz short loc_F8221242\r\n.text:F8221255 pause\r\n.text:F8221257 jmp short loc_F822124D\r\n.text:F8221257 KavSpinLockAcquire endp\r\n\r\nKavSpinLockRelease subroutine (reenables interrupts):\r\n\r\n.text:F8221260 KavSpinLockRelease proc near ; CODE XREF: sub_F8225690+F2p\r\n.text:F8221260 ; sub_F8225D50+BAp ...\r\n.text:F8221260 mov dword ptr [ecx], 0\r\n.text:F8221266 push edx\r\n.text:F8221267 popf\r\n.text:F8221268 retn\r\n.text:F8221268 KavSpinLockRelease endp\r\n\r\nModifyPteAttributes subroutine:\r\n\r\n.text:F82203C0 ModifyPteAttributes proc near ; CODE XREF: sub_F821A9D0+91p\r\n.text:F82203C0 ; sub_F8220950+43p ...\r\n.text:F82203C0\r\n.text:F82203C0 var_24 = dword ptr -24h\r\n.text:F82203C0 var_20 = byte ptr -20h\r\n.text:F82203C0 var_1C = dword ptr -1Ch\r\n.text:F82203C0 var_18 = dword ptr -18h\r\n.text:F82203C0 var_10 = dword ptr -10h\r\n.text:F82203C0 var_4 = dword ptr -4\r\n.text:F82203C0 arg_0 = dword ptr 8\r\n.text:F82203C0 arg_4 = byte ptr 0Ch\r\n.text:F82203C0 arg_8 = dword ptr 10h\r\n.text:F82203C0\r\n.text:F82203C0 push ebp\r\n.text:F82203C1 mov ebp, esp\r\n.text:F82203C3 push 0FFFFFFFFh\r\n.text:F82203C5 push offset dword_F8212180\r\n.text:F82203CA push offset _except_handler3\r\n.text:F82203CF mov eax, large fs:0\r\n.text:F82203D5 push eax\r\n.text:F82203D6 mov large fs:0, esp\r\n.text:F82203DD sub esp, 14h\r\n.text:F82203E0 push ebx\r\n.text:F82203E1 push esi\r\n.text:F82203E2 push edi\r\n.text:F82203E3 mov [ebp+var_18], esp\r\n.text:F82203E6 xor ebx, ebx\r\n.text:F82203E8 mov [ebp+var_20], bl\r\n.text:F82203EB mov esi, [ebp+arg_0]\r\n.text:F82203EE mov ecx, esi\r\n.text:F82203F0 call KavGetEflags\r\n.text:F82203F5 push esi\r\n.text:F82203F6 call KavGetPte ; This is a function pointer filled in at runtime,\r\n.text:F82203F6 ; differing based on whether the system has PAE\r\n.text:F82203F6 ; enabled or not.\r\n.text:F82203FC mov edi, eax\r\n.text:F82203FE mov [ebp+var_1C], edi\r\n.text:F8220401 cmp edi, 0FFFFFFFFh\r\n.text:F8220404 jz short loc_F8220458\r\n.text:F8220406 mov [ebp+var_4], ebx\r\n.text:F8220409 mov ecx, esi\r\n.text:F822040B call KavGetEflags\r\n.text:F8220410 mov eax, [edi]\r\n.text:F8220412 test al, 1\r\n.text:F8220414 jz short loc_F8220451\r\n.text:F8220416 mov ecx, eax\r\n.text:F8220418 mov [ebp+var_24], ecx\r\n.text:F822041B cmp [ebp+arg_4], bl\r\n.text:F822041E jz short loc_F8220429\r\n.text:F8220420 mov eax, [ebp+var_1C]\r\n.text:F8220423 lock or dword ptr [eax], 2\r\n.text:F8220427 jmp short loc_F8220430\r\n.text:F8220429 ; ---------------------------------------------------------------------------\r\n.text:F8220429\r\n.text:F8220429 loc_F8220429: ; CODE XREF: ModifyPteAttributes+5Ej\r\n.text:F8220429 mov eax, [ebp+var_1C]\r\n.text:F822042C lock and dword ptr [eax], 0FFFFFFFDh\r\n.text:F8220430\r\n.text:F8220430 loc_F8220430: ; CODE XREF: ModifyPteAttributes+67j\r\n.text:F8220430 mov eax, [ebp+arg_8]\r\n.text:F8220433 cmp eax, ebx\r\n.text:F8220435 jz short loc_F822043C\r\n.text:F8220437 and ecx, 2\r\n.text:F822043A mov [eax], cl\r\n.text:F822043C\r\n.text:F822043C loc_F822043C: ; CODE XREF: ModifyPteAttributes+75j\r\n.text:F822043C mov [ebp+var_20], 1\r\n.text:F8220440 mov eax, [ebp+arg_0]\r\n.text:F8220443 invlpg byte ptr [eax]\r\n.text:F8220446 jmp short loc_F8220451\r\n.text:F8220448 ; ---------------------------------------------------------------------------\r\n.text:F8220448\r\n.text:F8220448 loc_F8220448: ; DATA XREF: .text:F8212184o\r\n.text:F8220448 mov eax, 1\r\n.text:F822044D retn\r\n.text:F822044E ; ---------------------------------------------------------------------------\r\n.text:F822044E\r\n.text:F822044E loc_F822044E: ; DATA XREF: .text:F8212188o\r\n.text:F822044E mov esp, [ebp-18h]\r\n.text:F8220451\r\n.text:F8220451 loc_F8220451: ; CODE XREF: ModifyPteAttributes+54j\r\n.text:F8220451 ; ModifyPteAttributes+86j\r\n.text:F8220451 mov [ebp+var_4], 0FFFFFFFFh\r\n.text:F8220458\r\n.text:F8220458 loc_F8220458: ; CODE XREF: ModifyPteAttributes+44j\r\n.text:F8220458 mov al, [ebp+var_20]\r\n.text:F822045B mov ecx, [ebp+var_10]\r\n.text:F822045E mov large fs:0, ecx\r\n.text:F8220465 pop edi\r\n.text:F8220466 pop esi\r\n.text:F8220467 pop ebx\r\n.text:F8220468 mov esp, ebp\r\n.text:F822046A pop ebp\r\n.text:F822046B retn 0Ch\r\n.text:F822046B ModifyPteAttributes endp\r\n", "published": "2006-06-15T00:00:00", "modified": "2006-06-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13197", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 3, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2018-08-31T11:10:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2019-13197", "CVE-2018-13197", "CVE-2015-9286", "CVE-2017-13197", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "nessus", "idList": ["SUSE_SU-2018-1687-1.NASL", "SUSE_SU-2017-1790-1.NASL", "OPENSUSE-2018-649.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851790"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1727-1"]}, {"type": "seebug", "idList": ["SSV:96672"]}, {"type": "talos", "idList": ["TALOS-2016-0193"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:18", "rev": 2}, "vulnersScore": 6.5}, "affectedSoftware": []}
{"cve": [{"lastseen": "2021-01-27T14:21:21", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.", "edition": 1, "cvss3": {}, "published": "2021-01-26T18:15:00", "title": "CVE-2020-13197", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2020-13197"], "modified": "2021-01-26T18:15:00", "cpe": [], "id": "CVE-2020-13197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13197", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-13T19:15:00", "title": "CVE-2019-13197", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13197"], "modified": "2020-03-18T20:20:00", "cpe": ["cpe:/o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701"], "id": "CVE-2019-13197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13197", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:kyocera:ecosys_m5526cdw_firmware:2r7_2000.001.701:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:27", "description": "The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-05T02:29:00", "title": "CVE-2018-13197", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13197"], "modified": "2018-08-24T13:35:00", "cpe": ["cpe:/a:welfare_token_fund_project:welfare_token_fund:-"], "id": "CVE-2018-13197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13197", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:welfare_token_fund_project:welfare_token_fund:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:35", "description": "In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-12T23:29:00", "title": "CVE-2017-13197", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13197"], "modified": "2018-02-01T21:18:00", "cpe": ["cpe:/o:google:android:6.0", "cpe:/o:google:android:8.0", "cpe:/o:google:android:7.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:7.1.2", "cpe:/o:google:android:6.0.1", "cpe:/o:google:android:7.1.1"], "id": "CVE-2017-13197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13197", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T12:38:18", "description": "Samba was updated to 4.6.14, fixing bugs and security issues :\n\nVersion update to 4.6.14 (bsc#1093664) :\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\n + winbind: avoid using fstrcpy(dcname,...) in\n _dual_init_connection; (bso#13294).\n\n + s3:smb2_server: correctly maintain request counters for\n compound requests; (bso#13215).\n\n + s3: smbd: Unix extensions attempts to change wrong field\n in fchown call; (bso#13375).\n\n + s3:smbd: map nterror on smb2_flush errorpath;\n (bso#13338).\n\n + vfs_glusterfs: Fix the wrong pointer being sent in\n glfs_fsync_async; (bso#13297).\n\n + s3: smbd: Fix possible directory fd leak if the\n underlying OS doesn't support fdopendir(); (bso#13270).\n\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get\n freed on error, we don't own it here; (bso#13244).\n\n + s3:libsmb: allow -U'\\\\administrator' to work;\n (bso#13206).\n\n + CVE-2018-1057: s4:dsdb: fix unprivileged password\n changes; (bso#13272); (bsc#1081024).\n\n + s3:smbd: Do not crash if we fail to init the session\n table; (bso#13315).\n\n + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;\n (bso#13310).\n\n + smbXcli: Add 'force_channel_sequence'; (bso#13215).\n\n + smbd: Fix channel sequence number checks for\n long-running requests; (bso#13215).\n\n + s3:smb2_server: allow logoff, close, unlock, cancel and\n echo on expired sessions; (bso#13197).\n\n + s3:smbd: return the correct error for cancelled SMB2\n notifies on expired sessions; (bso#13197).\n\n + samba: Only use async signal-safe functions in signal\n handler; (bso#13240).\n\n + subnet: Avoid a segfault when renaming subnet objects;\n (bso#13031).\n\n - Fix vfs_ceph with 'aio read size' or 'aio write size' >\n 0; (bsc#1093664).\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-18T00:00:00", "title": "openSUSE Security Update : samba (openSUSE-2018-649)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1057"], "modified": "2018-06-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"], "id": "OPENSUSE-2018-649.NASL", "href": "https://www.tenable.com/plugins/nessus/110593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-649.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110593);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1057\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2018-649)\");\n script_summary(english:\"Check for the openSUSE-2018-649 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba was updated to 4.6.14, fixing bugs and security issues :\n\nVersion update to 4.6.14 (bsc#1093664) :\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\n + winbind: avoid using fstrcpy(dcname,...) in\n _dual_init_connection; (bso#13294).\n\n + s3:smb2_server: correctly maintain request counters for\n compound requests; (bso#13215).\n\n + s3: smbd: Unix extensions attempts to change wrong field\n in fchown call; (bso#13375).\n\n + s3:smbd: map nterror on smb2_flush errorpath;\n (bso#13338).\n\n + vfs_glusterfs: Fix the wrong pointer being sent in\n glfs_fsync_async; (bso#13297).\n\n + s3: smbd: Fix possible directory fd leak if the\n underlying OS doesn't support fdopendir(); (bso#13270).\n\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get\n freed on error, we don't own it here; (bso#13244).\n\n + s3:libsmb: allow -U'\\\\administrator' to work;\n (bso#13206).\n\n + CVE-2018-1057: s4:dsdb: fix unprivileged password\n changes; (bso#13272); (bsc#1081024).\n\n + s3:smbd: Do not crash if we fail to init the session\n table; (bso#13315).\n\n + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;\n (bso#13310).\n\n + smbXcli: Add 'force_channel_sequence'; (bso#13215).\n\n + smbd: Fix channel sequence number checks for\n long-running requests; (bso#13215).\n\n + s3:smb2_server: allow logoff, close, unlock, cancel and\n echo on expired sessions; (bso#13197).\n\n + s3:smbd: return the correct error for cancelled SMB2\n notifies on expired sessions; (bso#13197).\n\n + samba: Only use async signal-safe functions in signal\n handler; (bso#13240).\n\n + subnet: Avoid a segfault when renaming subnet objects;\n (bso#13031).\n\n - Fix vfs_ceph with 'aio read size' or 'aio write size' >\n 0; (bsc#1093664).\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093664\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-tests-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-tests-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-binding0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient0-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-client-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-client-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-core-devel-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-debugsource-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-libs-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-pidl-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-python-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-python-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-test-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-test-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-winbind-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-policy0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-ceph-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-tests / ctdb-tests-debuginfo / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:13:00", "description": "Samba was updated to 4.6.14, fixing bugs and security issues: Version\nupdate to 4.6.14 (bsc#1093664) :\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\n + winbind: avoid using fstrcpy(dcname,...) in\n _dual_init_connection; (bso#13294).\n\n + s3:smb2_server: correctly maintain request counters for\n compound requests; (bso#13215).\n\n + s3: smbd: Unix extensions attempts to change wrong field\n in fchown call; (bso#13375).\n\n + s3:smbd: map nterror on smb2_flush errorpath;\n (bso#13338).\n\n + vfs_glusterfs: Fix the wrong pointer being sent in\n glfs_fsync_async; (bso#13297).\n\n + s3: smbd: Fix possible directory fd leak if the\n underlying OS doesn't support fdopendir(); (bso#13270).\n\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get\n freed on error, we don't own it here; (bso#13244).\n\n + s3:libsmb: allow -U'\\\\administrator' to work;\n (bso#13206).\n\n + CVE-2018-1057: s4:dsdb: fix unprivileged password\n changes; (bso#13272); (bsc#1081024).\n\n + s3:smbd: Do not crash if we fail to init the session\n table; (bso#13315).\n\n + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;\n (bso#13310).\n\n + smbXcli: Add 'force_channel_sequence'; (bso#13215).\n\n + smbd: Fix channel sequence number checks for\n long-running requests; (bso#13215).\n\n + s3:smb2_server: allow logoff, close, unlock, cancel and\n echo on expired sessions; (bso#13197).\n\n + s3:smbd: return the correct error for cancelled SMB2\n notifies on expired sessions; (bso#13197).\n\n + samba: Only use async signal-safe functions in signal\n handler; (bso#13240).\n\n + subnet: Avoid a segfault when renaming subnet objects;\n (bso#13031).\n\n - Fix vfs_ceph with 'aio read size' or 'aio write size' >\n 0; (bsc#1093664).\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-14T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1057"], "modified": "2018-06-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo"], "id": "SUSE_SU-2018-1687-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1687-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110531);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-1057\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Samba was updated to 4.6.14, fixing bugs and security issues: Version\nupdate to 4.6.14 (bsc#1093664) :\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\n + winbind: avoid using fstrcpy(dcname,...) in\n _dual_init_connection; (bso#13294).\n\n + s3:smb2_server: correctly maintain request counters for\n compound requests; (bso#13215).\n\n + s3: smbd: Unix extensions attempts to change wrong field\n in fchown call; (bso#13375).\n\n + s3:smbd: map nterror on smb2_flush errorpath;\n (bso#13338).\n\n + vfs_glusterfs: Fix the wrong pointer being sent in\n glfs_fsync_async; (bso#13297).\n\n + s3: smbd: Fix possible directory fd leak if the\n underlying OS doesn't support fdopendir(); (bso#13270).\n\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get\n freed on error, we don't own it here; (bso#13244).\n\n + s3:libsmb: allow -U'\\\\administrator' to work;\n (bso#13206).\n\n + CVE-2018-1057: s4:dsdb: fix unprivileged password\n changes; (bso#13272); (bsc#1081024).\n\n + s3:smbd: Do not crash if we fail to init the session\n table; (bso#13315).\n\n + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;\n (bso#13310).\n\n + smbXcli: Add 'force_channel_sequence'; (bso#13215).\n\n + smbd: Fix channel sequence number checks for\n long-running requests; (bso#13215).\n\n + s3:smb2_server: allow logoff, close, unlock, cancel and\n echo on expired sessions; (bso#13197).\n\n + s3:smbd: return the correct error for cancelled SMB2\n notifies on expired sessions; (bso#13197).\n\n + samba: Only use async signal-safe functions in signal\n handler; (bso#13240).\n\n + subnet: Avoid a segfault when renaming subnet objects;\n (bso#13031).\n\n - Fix vfs_ceph with 'aio read size' or 'aio write size' >\n 0; (bsc#1093664).\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks;\n (bso#13425).\n\n + Fix memory leak in vfs_ceph; (bso#13424).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1057/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181687-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fce8919\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1132=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1132=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-1132=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1132=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2018-1132=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:47:52", "description": "This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-10684: Possible RCE via stack-based buffer\n overflow in the fmt_entry function. (bsc#1046858)\n\n - CVE-2017-10685: Possible RCE with format string\n vulnerability in the fmt_entry function. (bsc#1046853)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-07T00:00:00", "title": "SUSE SLES11 Security Update : Recommended update for ncurses (SUSE-SU-2017:1790-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10685", "CVE-2017-10684"], "modified": "2017-07-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "id": "SUSE_SU-2017-1790-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1790-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101289);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10684\", \"CVE-2017-10685\");\n\n script_name(english:\"SUSE SLES11 Security Update : Recommended update for ncurses (SUSE-SU-2017:1790-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-10684: Possible RCE via stack-based buffer\n overflow in the fmt_entry function. (bsc#1046858)\n\n - CVE-2017-10685: Possible RCE with format string\n vulnerability in the fmt_entry function. (bsc#1046853)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10684/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10685/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171790-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07b8b40c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13197=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13197=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13197=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-92.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-92.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for ncurses\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-04T16:46:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1057"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-06-17T00:00:00", "id": "OPENVAS:1361412562310851790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851790", "type": "openvas", "title": "openSUSE: Security Advisory for samba (openSUSE-SU-2018:1727-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851790\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-17 05:53:15 +0200 (Sun, 17 Jun 2018)\");\n script_cve_id(\"CVE-2018-1057\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for samba (openSUSE-SU-2018:1727-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samba was updated to 4.6.14, fixing bugs and security issues:\n\n Version update to 4.6.14 (bsc#1093664):\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks (bso#13425).\n + Fix memory leak in vfs_ceph (bso#13424).\n + winbind: avoid using fstrcpy(dcname, ...) in _dual_init_connection\n (bso#13294).\n + s3:smb2_server: correctly maintain request counters for compound\n requests (bso#13215).\n + s3: smbd: Unix extensions attempts to change wrong field in fchown call\n (bso#13375).\n + s3:smbd: map nterror on smb2_flush errorpath (bso#13338).\n + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async\n (bso#13297).\n + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't\n support fdopendir() (bso#13270).\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we\n don't own it here (bso#13244).\n + s3:libsmb: allow -U'\\\\administrator' to work (bso#13206).\n + CVE-2018-1057: s4:dsdb: fix unprivileged password changes (bso#13272)\n (bsc#1081024).\n + s3:smbd: Do not crash if we fail to init the session table (bso#13315).\n + libsmb: Use smb2 tcon if conn_protocol = SMB2_02 (bso#13310).\n + smbXcli: Add 'force_channel_sequence' (bso#13215).\n + smbd: Fix channel sequence number checks for long-running requests\n (bso#13215).\n + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired\n sessions (bso#13197).\n + s3:smbd: return the correct error for cancelled SMB2 notifies on expired\n sessions (bso#13197).\n + samba: Only use async signal-safe functions in signal handler\n (bso#13240).\n + subnet: Avoid a segfault when renaming subnet objects (bso#13031).\n\n - Fix vfs_ceph with 'aio read size' or 'aio write size' 0 (bsc#1093664).\n + vfs_ceph: add fake async pwrite/pread send/recv hooks (bso#13425).\n + Fix memory leak in vfs_ceph (bso#13424).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-649=1\");\n\n script_tag(name:\"affected\", value:\"samba on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1727-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00035.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ctdb\", rpm:\"ctdb~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-debuginfo\", rpm:\"ctdb-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests\", rpm:\"ctdb-tests~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests-debuginfo\", rpm:\"ctdb-tests-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-devel\", rpm:\"libdcerpc-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr-devel\", rpm:\"libdcerpc-samr-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0\", rpm:\"libdcerpc-samr0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo\", rpm:\"libdcerpc-samr0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-devel\", rpm:\"libndr-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac-devel\", rpm:\"libndr-krb5pac-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt-devel\", rpm:\"libndr-nbt-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard-devel\", rpm:\"libndr-standard-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials-devel\", rpm:\"libsamba-credentials-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors-devel\", rpm:\"libsamba-errors-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0\", rpm:\"libsamba-errors0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-debuginfo\", rpm:\"libsamba-errors0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig-devel\", rpm:\"libsamba-hostconfig-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb-devel\", rpm:\"libsamba-passdb-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0\", rpm:\"libsamba-passdb0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo\", rpm:\"libsamba-passdb0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy-devel\", rpm:\"libsamba-policy-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0\", rpm:\"libsamba-policy0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo\", rpm:\"libsamba-policy0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util-devel\", rpm:\"libsamba-util-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb-devel\", rpm:\"libsamdb-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf-devel\", rpm:\"libsmbconf-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap-devel\", rpm:\"libsmbldap-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util-devel\", rpm:\"libtevent-util-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-core-devel\", rpm:\"samba-core-devel~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-pidl\", rpm:\"samba-pidl~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python-debuginfo\", rpm:\"samba-python-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test\", rpm:\"samba-test~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-debuginfo\", rpm:\"samba-test-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-32bit\", rpm:\"libdcerpc-samr0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo-32bit\", rpm:\"libdcerpc-samr0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-32bit\", rpm:\"libsamba-errors0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-debuginfo-32bit\", rpm:\"libsamba-errors0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-32bit\", rpm:\"libsamba-passdb0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo-32bit\", rpm:\"libsamba-passdb0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-32bit\", rpm:\"libsamba-policy0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo-32bit\", rpm:\"libsamba-policy0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-ceph\", rpm:\"samba-ceph~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-ceph-debuginfo\", rpm:\"samba-ceph-debuginfo~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.6.14+git.150.1540e575faf~15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-06-16T17:08:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1057"], "description": "Samba was updated to 4.6.14, fixing bugs and security issues:\n\n Version update to 4.6.14 (bsc#1093664):\n\n + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).\n + Fix memory leak in vfs_ceph; (bso#13424).\n + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection;\n (bso#13294).\n + s3:smb2_server: correctly maintain request counters for compound\n requests; (bso#13215).\n + s3: smbd: Unix extensions attempts to change wrong field in fchown call;\n (bso#13375).\n + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).\n + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;\n (bso#13297).\n + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't\n support fdopendir(); (bso#13270).\n + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we\n don't own it here; (bso#13244).\n + s3:libsmb: allow -U"\\\\administrator" to work; (bso#13206).\n + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272);\n (bsc#1081024).\n + s3:smbd: Do not crash if we fail to init the session table; (bso#13315).\n + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).\n + smbXcli: Add "force_channel_sequence"; (bso#13215).\n + smbd: Fix channel sequence number checks for long-running requests;\n (bso#13215).\n + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired\n sessions; (bso#13197).\n + s3:smbd: return the correct error for cancelled SMB2 notifies on expired\n sessions; (bso#13197).\n + samba: Only use async signal-safe functions in signal handler;\n (bso#13240).\n + subnet: Avoid a segfault when renaming subnet objects; (bso#13031).\n\n - Fix vfs_ceph with "aio read size" or "aio write size" > 0; (bsc#1093664).\n + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).\n + Fix memory leak in vfs_ceph; (bso#13424).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2018-06-16T15:14:49", "published": "2018-06-16T15:14:49", "id": "OPENSUSE-SU-2018:1727-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00035.html", "title": "Security update for samba (moderate)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T11:56:27", "description": "### Summary\r\nAn exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\r\n\r\n### Tested Versions\r\nOpenJpeg openjp2 2.1.1\r\n\r\n### Product URLs\r\nhttp://www.openjpeg.org/\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\r\n\r\n### Details\r\nThe OpenJpeg library is a reference implementation of JPEG2000 standard and is used by many popular PDF renderers. Most notably Poppler, MuPDF and Pdfium.\r\n\r\nDue to an error while parsing `mcc` records in the jpeg2000 file, out of bounds memory can be accessed resulting in an erroneous read and write of adjacent heap area memory. Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.\r\n\r\nThe vulnerability lies in `opj_j2k_read_mcc_record` function in `src/lib/openjp2/j2k.c` file which is responsible for parsing `mcc` records.\r\n```\r\n l_mcc_record = l_tcp->m_mcc_records;\r\n\r\n for(i=0;i<l_tcp->m_nb_mcc_records;++i) {\r\n if (l_mcc_record->m_index == l_indix) {\r\n break;\r\n }\r\n ++l_mcc_record;\r\n }\r\n```\r\nWhen an `mcc` record is being parsed, a `l_mcc_recprd` array is being iterated over in search of appropriate index. Next, if the index is not found, the following code is executed:\r\n```\r\n if (i == l_tcp->m_nb_mcc_records) {\r\n if (l_tcp->m_nb_mcc_records == l_tcp->m_nb_max_mcc_records) {\r\n opj_simple_mcc_decorrelation_data_t *new_mcc_records;\r\n l_tcp->m_nb_max_mcc_records += OPJ_J2K_MCC_DEFAULT_NB_RECORDS;\r\n\r\n new_mcc_records = (opj_simple_mcc_decorrelation_data_t *) opj_realloc(\r\n l_tcp->m_mcc_records, l_tcp->m_nb_max_mcc_records * sizeof(opj_simple_mcc_decorrelation_data_t));\r\n if (! new_mcc_records) {\r\n opj_free(l_tcp->m_mcc_records);\r\n l_tcp->m_mcc_records = NULL;\r\n l_tcp->m_nb_max_mcc_records = 0;\r\n l_tcp->m_nb_mcc_records = 0;\r\n opj_event_msg(p_manager, EVT_ERROR, \"Not enough memory to read MCC marker\\n\");\r\n return OPJ_FALSE;\r\n }\r\n l_tcp->m_mcc_records = new_mcc_records;\r\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\r\n memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t));\r\n }\r\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\r\n }\r\n l_mcc_record->m_index = l_indix;\r\n```\r\nThe first if statement is entered if the index was not found, then, if current number of records has reached a maximum of `l_tcp->m_nb_max_mcc_records` (which is 10 initially), maximum is increased and memory is reallocated to accommodate more records. At the end of the function, number of records is increased:\r\n```\r\n ++l_tcp->m_nb_mcc_records;\r\n return OPJ_TRUE;\r\n```\r\nThe vulnerability in the above code lies in the improper increment of the number of records at the end of the function. If a malicious image is created, such that it has a number of `mcc` records with the same (zero) index, the counter in the for loop can never reach the value that would satisfy `i == l_tcp->m_nb_mcc_records` condition. If there are 10 or more such objects, `l_tcp->m_nb_mcc_records` will be increased to more than `l_tcp->m_nb_max_mcc_records` without actually reallocating the appropriate amount of memory. If then there is an mcc record with a different index in the image, the if condition inside the for loop won\u2019t ever be true, which will lead to `l_mcc_record` pointer being increased out of bounds, causing an out of bounds read. Further on, this out of bounds pointer is retained and is used in a write operation when its index is being updated by a controlled value.\r\n\r\nBy varying the number of mcc records, an attacker can target a particular heap memory area and by abusing the same bug multiple times gain enough control over the process memory to get arbitrary code execution.\r\n\r\n### Crash Information\r\n```\r\n bash-4.3$ valgrind $opj_decompress -i minimal.jp2 -o dasd.bmp\r\n ==13197== Memcheck, a memory error detector\r\n ==13197== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.\r\n ==13197== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info\r\n ==13197== Command:../openjpeg/build/bin/opj_decompress -i minimal.jp2 -o dasd.bmp\r\n ==13197==\r\n\r\n [INFO] Start to read j2k main header (119).\r\n\r\n ==13197== Invalid read of size 4\r\n ==13197== at 0x4049768: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197== Address 0x4439080 is 0 bytes after a block of size 200 alloc'd\r\n ==13197== at 0x402CEBA: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)\r\n ==13197== by 0x406D4C2: opj_calloc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x40436B6: opj_j2k_read_siz (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197==\r\n ==13197== Invalid write of size 4\r\n ==13197== at 0x4049940: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\r\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\r\n ==13197== Address 0x4439094 is 20 bytes after a block of size 200 in arena \"client\"\r\n ==13197==\r\n [ERROR] Error reading MCC marker\r\n [ERROR] Marker handler function failed to read the marker segment\r\n```\r\nIn the above Valgrind output, an invalid out of bounds read and write is recorded.\r\n\r\n### Timeline\r\n* 2016-07-26 - Vendor Disclosure\r\n* 2016-09-29 - Public Release", "published": "2017-10-13T00:00:00", "type": "seebug", "title": "OpenJPEG JPEG2000 mcc record Code Execution Vulnerability(CVE-2016-8332)", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-8332"], "modified": "2017-10-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96672", "id": "SSV:96672", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "talos": [{"lastseen": "2019-05-29T19:19:52", "bulletinFamily": "info", "cvelist": ["CVE-2016-8332"], "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0193\n\n## OpenJPEG JPEG2000 mcc record Code Execution Vulnerability\n\n##### September 29, 2016\n\n##### CVE Number\n\nCVE-2016-8332\n\n### Summary\n\nAn exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.\n\n### Tested Versions\n\nOpenJpeg openjp2 2.1.1\n\n### Product URLs\n\n<http://www.openjpeg.org/>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### Details\n\nThe OpenJpeg library is a reference implementation of JPEG2000 standard and is used by many popular PDF renderers. Most notably Poppler, MuPDF and Pdfium.\n\nDue to an error while parsing `mcc` records in the jpeg2000 file, out of bounds memory can be accessed resulting in an erroneous read and write of adjacent heap area memory. Careful manipulation of heap layout and can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.\n\nThe vulnerability lies in `opj_j2k_read_mcc_record` function in `src/lib/openjp2/j2k.c` file which is responsible for parsing `mcc` records.\n \n \n ```\n l_mcc_record = l_tcp->m_mcc_records;\n \n for(i=0;i<l_tcp->m_nb_mcc_records;++i) {\n if (l_mcc_record->m_index == l_indix) {\n break;\n }\n ++l_mcc_record;\n }\n ```\n \n\nWhen an `mcc` record is being parsed, a `l_mcc_recprd` array is being iterated over in search of appropriate index. Next, if the index is not found, the following code is executed:\n \n \n ```\n if (i == l_tcp->m_nb_mcc_records) {\n if (l_tcp->m_nb_mcc_records == l_tcp->m_nb_max_mcc_records) {\n opj_simple_mcc_decorrelation_data_t *new_mcc_records;\n l_tcp->m_nb_max_mcc_records += OPJ_J2K_MCC_DEFAULT_NB_RECORDS;\n \n new_mcc_records = (opj_simple_mcc_decorrelation_data_t *) opj_realloc(\n l_tcp->m_mcc_records, l_tcp->m_nb_max_mcc_records * sizeof(opj_simple_mcc_decorrelation_data_t));\n if (! new_mcc_records) {\n opj_free(l_tcp->m_mcc_records);\n l_tcp->m_mcc_records = NULL;\n l_tcp->m_nb_max_mcc_records = 0;\n l_tcp->m_nb_mcc_records = 0;\n opj_event_msg(p_manager, EVT_ERROR, \"Not enough memory to read MCC marker\\n\");\n return OPJ_FALSE;\n }\n l_tcp->m_mcc_records = new_mcc_records;\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\n memset(l_mcc_record,0,(l_tcp->m_nb_max_mcc_records-l_tcp->m_nb_mcc_records) * sizeof(opj_simple_mcc_decorrelation_data_t));\n }\n l_mcc_record = l_tcp->m_mcc_records + l_tcp->m_nb_mcc_records;\n }\n l_mcc_record->m_index = l_indix;\n ```\n \n\nThe first if statement is entered if the index was not found, then, if current number of records has reached a maximum of `l_tcp->m_nb_max_mcc_records` (which is 10 initially), maximum is increased and memory is reallocated to accommodate more records. At the end of the function, number of records is increased:\n \n \n ```\n ++l_tcp->m_nb_mcc_records;\n return OPJ_TRUE;\n ```\n \n\nThe vulnerability in the above code lies in the improper increment of the number of records at the end of the function. If a malicious image is created, such that it has a number of `mcc` records with the same (zero) index, the counter in the for loop can never reach the value that would satisfy `i == l_tcp->m_nb_mcc_records` condition. If there are 10 or more such objects, `l_tcp->m_nb_mcc_records` will be increased to more than `l_tcp->m_nb_max_mcc_records` without actually reallocating the appropriate amount of memory. If then there is an mcc record with a different index in the image, the if condition inside the for loop won\u2019t ever be true, which will lead to `l_mcc_record` pointer being increased out of bounds, causing an out of bounds read. Further on, this out of bounds pointer is retained and is used in a write operation when its index is being updated by a controlled value.\n\nBy varying the number of mcc records, an attacker can target a particular heap memory area and by abusing the same bug multiple times gain enough control over the process memory to get arbitrary code execution.\n\n### Crash Information\n \n \n ```\n bash-4.3$ valgrind $opj_decompress -i minimal.jp2 -o dasd.bmp\n ==13197== Memcheck, a memory error detector\n ==13197== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.\n ==13197== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info\n ==13197== Command:../openjpeg/build/bin/opj_decompress -i minimal.jp2 -o dasd.bmp\n ==13197==\n \n [INFO] Start to read j2k main header (119).\n \n ==13197== Invalid read of size 4\n ==13197== at 0x4049768: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197== Address 0x4439080 is 0 bytes after a block of size 200 alloc'd\n ==13197== at 0x402CEBA: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)\n ==13197== by 0x406D4C2: opj_calloc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x40436B6: opj_j2k_read_siz (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197==\n ==13197== Invalid write of size 4\n ==13197== at 0x4049940: opj_j2k_read_mcc (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DACA: opj_j2k_read_header_procedure (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404DDB4: opj_j2k_exec (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x404CB01: opj_j2k_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405A97C: opj_jp2_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x405CD75: opj_read_header (in../openjpeg/build/bin/libopenjp2.so.2.1.1)\n ==13197== by 0x804C3E9: main (in../openjpeg/build/bin/opj_decompress)\n ==13197== Address 0x4439094 is 20 bytes after a block of size 200 in arena \"client\"\n ==13197==\n [ERROR] Error reading MCC marker\n [ERROR] Marker handler function failed to read the marker segment\n ```\n \n\nIn the above Valgrind output, an invalid out of bounds read and write is recorded.\n\n### Timeline\n\n2016-07-26 - Vendor Disclosure \n2016-09-29 - Public Release\n\n##### Credit\n\nDiscovered by Aleksandar Nikolic of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2016-0260\n\nPrevious Report\n\nTALOS-2016-0183\n", "edition": 10, "modified": "2016-09-29T00:00:00", "published": "2016-09-29T00:00:00", "id": "TALOS-2016-0193", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0193", "title": "OpenJPEG JPEG2000 mcc record Code Execution Vulnerability", "type": "talos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4878", "CVE-2015-4877"], "description": "\r\n\r\n======================================================================\r\n\r\n Secunia Research (now part of Flexera Software) 26/10/2015\r\n\r\n Oracle Outside In Two Buffer Overflow Vulnerabilities\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerabilities.......................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n======================================================================\r\n\r\n1) Affected Software\r\n\r\n* Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2.\r\n\r\n====================================================================== \r\n2) Severity\r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerabilities\r\n\r\nSecunia Research has discovered two vulnerabilities in Oracle Outside\r\nIn Technology, which can be exploited by malicious people to cause a\r\nDoS (Denial of Service) and compromise an application using the SDK.\r\n\r\n1) An error in the vstga.dll when processing TGA files can be\r\nexploited to cause an out-of-bounds write memory access.\r\n\r\n2) An error in the libxwd2.dll when processing XWD files can be\r\nexploited to cause a stack-based buffer overflow.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of\r\narbitrary code.\r\n\r\n====================================================================== \r\n4) Solution\r\n\r\nApply update. Please see the Oracle Critical Patch Update Advisory\r\nfor October 2015 for details.\r\n\r\n====================================================================== \r\n5) Time Table\r\n\r\n14/07/2015 - Vendor notified of vulnerabilities.\r\n14/07/2015 - Vendor acknowledges report.\r\n16/07/2015 - Vendor supplied bug ticket ID.\r\n27/07/2015 - Vendor supplied information of fix in main codeline.\r\n24/09/2015 - Replied to vendor and asked about CVE references.\r\n25/09/2015 - Vendor replied that they check our request.\r\n27/09/2015 - Vendor assigned two CVE references.\r\n17/10/2015 - Vendor supplied 20/10/2015 as estimated fix date.\r\n20/10/2015 - Release of vendor patch.\r\n21/10/2015 - Public disclosure.\r\n26/10/2015 - Publication of research advisory.\r\n\r\n======================================================================\r\n\r\n6) Credits\r\n\r\nDiscovered by Behzad Najjarpour Jabbari, Secunia Research (now part\r\nof Flexera Software).\r\n\r\n======================================================================\r\n\r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe CVE-2015-4877 and CVE-2015-4878 identifiers for the\r\nvulnerabilities.\r\n\r\n======================================================================\r\n\r\n8) About Secunia (now part of Flexera Software)\r\n\r\nIn September 2015, Secunia has been acquired by Flexera Software:\r\n\r\nhttps://secunia.com/blog/435/\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private\r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the\r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n======================================================================\r\n\r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2015-04/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32659", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32659", "title": "Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 1.5, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4845"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - Database user enumeration\r\nAdvisory ID: [ERPSCAN-15-025]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nDate published:20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: User Enumeration\r\nImpact: user enumeration, SSRF\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4845\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity None (N)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThere is a script in EBS that is used to connect to the database and\r\ndisplays the connection status. Different connection results can help\r\nan attacker to find existing database accounts.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.2.4\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nDatabase users enumeration\r\nVunerable script: Aoljtest.js\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32656", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32656", "title": "[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
