MEDIUM
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
http://rhn.redhat.com/errata/RHSA-2017-0494.html
http://rhn.redhat.com/errata/RHSA-2017-0495.html
http://rhn.redhat.com/errata/RHSA-2017-0662.html
http://rhn.redhat.com/errata/RHSA-2017-0744.html
http://www.securityfocus.com/bid/94994
http://www.securitytracker.com/id/1037495
https://access.redhat.com/errata/RHSA-2017:1265
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
Source: MITRE
Published: 2017-05-11
Updated: 2018-05-11
Type: CWE-264
Base Score: 4
Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
OR
cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.26:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.1.23:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.4.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.5.0:*:*:*:*:*:*:*
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 109920 | Pulse Policy Secure Multiple Vulnerabilities (SA43730) | Nessus | Misc. | high |
| 109919 | Pulse Connect Secure Multiple Vulnerabilities (SA43730) | Nessus | Misc. | high |
| 101469 | Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1265) | Nessus | Virtuozzo Local Security Checks | medium |
| 100698 | EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1105) | Nessus | Huawei Local Security Checks | critical |
| 100697 | EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104) | Nessus | Huawei Local Security Checks | critical |
| 100554 | Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry) | Nessus | Amazon Linux Local Security Checks | critical |
| 100350 | Scientific Linux Security Update : samba on SL7.x x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 100346 | RHEL 7 : samba (RHSA-2017:1265) | Nessus | Red Hat Local Security Checks | medium |
| 100344 | Oracle Linux 7 : samba (ELSA-2017-1265) | Nessus | Oracle Linux Local Security Checks | medium |
| 100329 | CentOS 7 : samba (CESA-2017:1265) | Nessus | CentOS Local Security Checks | medium |
| 99225 | Scientific Linux Security Update : samba on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 99224 | Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 99072 | Oracle Linux 6 : samba4 (ELSA-2017-0744) | Nessus | Oracle Linux Local Security Checks | medium |
| 99069 | Oracle Linux 6 : samba (ELSA-2017-0662) | Nessus | Oracle Linux Local Security Checks | medium |
| 97960 | CentOS 6 : samba4 (CESA-2017:0744) | Nessus | CentOS Local Security Checks | medium |
| 97957 | CentOS 6 : samba (CESA-2017:0662) | Nessus | CentOS Local Security Checks | medium |
| 97931 | RHEL 7 : Gluster Storage (RHSA-2017:0495) | Nessus | Red Hat Local Security Checks | medium |
| 97930 | RHEL 6 : Gluster Storage (RHSA-2017:0494) | Nessus | Red Hat Local Security Checks | medium |
| 97884 | RHEL 6 : samba4 (RHSA-2017:0744) | Nessus | Red Hat Local Security Checks | medium |
| 97880 | RHEL 6 : samba (RHSA-2017:0662) | Nessus | Red Hat Local Security Checks | medium |
| 96361 | Fedora 24 : 2:samba (2017-d0a537062c) | Nessus | Fedora Local Security Checks | medium |
| 9857 | Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities | Nessus Network Monitor | Samba | high |
| 96294 | openSUSE Security Update : samba (openSUSE-2017-12) | Nessus | SuSE Local Security Checks | medium |
| 96293 | openSUSE Security Update : samba (openSUSE-2017-11) | Nessus | SuSE Local Security Checks | medium |
| 96262 | SUSE SLES11 Security Update : samba (SUSE-SU-2016:3300-1) | Nessus | SuSE Local Security Checks | medium |
| 96261 | SUSE SLES12 Security Update : samba (SUSE-SU-2016:3299-1) | Nessus | SuSE Local Security Checks | medium |
| 96260 | SUSE SLES11 Security Update : samba (SUSE-SU-2016:3298-1) | Nessus | SuSE Local Security Checks | medium |
| 96166 | Slackware 14.2 / current : samba (SSA:2016-363-02) | Nessus | Slackware Local Security Checks | medium |
| 96164 | FreeBSD : samba -- multiple vulnerabilities (e4bc323f-cc73-11e6-b704-000c292e4fd8) | Nessus | FreeBSD Local Security Checks | medium |
| 96149 | SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:3272-1) | Nessus | SuSE Local Security Checks | medium |
| 96148 | SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:3271-1) | Nessus | SuSE Local Security Checks | medium |
| 96142 | Samba 4.3.x < 4.3.13 / 4.4.x < 4.4.8 / 4.5.x < 4.5.3 Multiple Vulnerabilities | Nessus | Misc. | high |
| 96108 | Fedora 25 : 2:samba (2016-364f61377b) | Nessus | Fedora Local Security Checks | medium |
| 95949 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : samba vulnerabilities (USN-3158-1) | Nessus | Ubuntu Local Security Checks | medium |
| 95936 | Debian DSA-3740-1 : samba - security update | Nessus | Debian Local Security Checks | medium |