Detections
Analytics
Debian DLA-1754-1 : samba security update
high Nessus Plugin ID 123959
Language:
Synopsis
The remote Debian host is missing a security update.Description
Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for UnixCVE-2017-9461
smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVE-2018-1050
Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash.
CVE-2018-1057
On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
Thanks to the Ubuntu security team for having backported the rather invasive changeset to Samba in Ubuntu 14.04 (which we could use to patch Samba in Debian jessie LTS).
CVE-2019-3880
A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could have used this flaw to create a new registry hive file anywhere they had unix permissions which could have lead to creation of a new file in the Samba share.
For Debian 8 'Jessie', these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u12.
We recommend that you upgrade your samba packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.See Also
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Plugin Details
Severity: High
ID: 123959
File Name: debian_DLA-1754.nasl
Version: 1.6
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 4/10/2019
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2018-1057
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libnss-winbind, p-cpe:/a:debian:debian_linux:libpam-smbpass, p-cpe:/a:debian:debian_linux:libpam-winbind, p-cpe:/a:debian:debian_linux:libparse-pidl-perl, p-cpe:/a:debian:debian_linux:libsmbclient, p-cpe:/a:debian:debian_linux:libsmbclient-dev, p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev, p-cpe:/a:debian:debian_linux:libsmbsharemodes0, p-cpe:/a:debian:debian_linux:libwbclient-dev, p-cpe:/a:debian:debian_linux:libwbclient0, p-cpe:/a:debian:debian_linux:python-samba, p-cpe:/a:debian:debian_linux:registry-tools, p-cpe:/a:debian:debian_linux:samba, p-cpe:/a:debian:debian_linux:samba-common, p-cpe:/a:debian:debian_linux:samba-common-bin, p-cpe:/a:debian:debian_linux:samba-dbg, p-cpe:/a:debian:debian_linux:samba-dev, p-cpe:/a:debian:debian_linux:samba-doc, p-cpe:/a:debian:debian_linux:samba-dsdb-modules, p-cpe:/a:debian:debian_linux:samba-libs, p-cpe:/a:debian:debian_linux:samba-testsuite, p-cpe:/a:debian:debian_linux:samba-vfs-modules, p-cpe:/a:debian:debian_linux:smbclient, p-cpe:/a:debian:debian_linux:winbind, cpe:/o:debian:debian_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 4/9/2019
Vulnerability Publication Date: 6/6/2017
Reference Information
CVE: CVE-2017-9461, CVE-2018-1050, CVE-2018-1057, CVE-2019-3880