The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0323-1 advisory.

  - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now     provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
    (CVE-2020-25721)

  - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered     in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are     missing before calling realloc or calloc. (CVE-2020-29361)

  - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated     attacker with permissions to read or modify share metadata, to perform this operation outside of the     share. (CVE-2021-20316)

  - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to     allow a directory to be created in an area of the server file system not exported under the share     definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack     to succeed. (CVE-2021-43566)

  - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to     determine if a file or directory exists in an area of the server file system not exported under the share     definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
    (CVE-2021-44141)

  - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility     with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to     4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via     specially crafted extended file attributes. A remote attacker with write access to extended file     attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

  - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that     SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an     account modification re-adds an SPN that was previously present on that account, such as one added when a     computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to     perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an     attacker who can intercept traffic can impersonate existing services, resulting in a loss of     confidentiality and integrity. (CVE-2022-0336)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : samba (SUSE-SU-2022:0323-1)

high Nessus Plugin ID 157373

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.9 Jul 14, 2023, 5:13 AM Detection Exploit attributes ("Exploited by malware" set to "True") Plugin metadata Plugin Feed: 202307140513
Version 1.8 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.7 Mar 10, 2023, 5:10 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303101710
Version 1.6 Feb 3, 2023, 4:05 PM Exploit attributes ("Exploited by malware" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploit available" set to "True") CVSSv3 score source (set to "CVE-2022-0336") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") Plugin Feed: 202302031605
Version 1.5 Nov 8, 2022, 10:01 AM IAVM reference Plugin Feed: 202211081001