EulerOS Virtualization 2.13.0 : samba (EulerOS-SA-2025-2617)

critical Nessus Plugin ID 281565

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:

A vulnerability has been found in Samba (File Transfer Software) (the affected version is unknown) and classified as critical. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. (CVE-2025-10230)

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. (CVE-2025-9640)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization samba security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected samba packages.

See Also

http://www.nessus.org/u?ad311f9b

Plugin Details

Severity: Critical

ID: 281565

File Name: EulerOS_SA-2025-2617.nasl

Version: 1.1

Type: local

Published: 12/31/2025

Updated: 12/31/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-10230

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:libwbclient, p-cpe:/a:huawei:euleros:samba-libs, p-cpe:/a:huawei:euleros:samba-client-libs, cpe:/o:huawei:euleros:uvp:2.13.0, p-cpe:/a:huawei:euleros:samba-winbind-clients, p-cpe:/a:huawei:euleros:samba-winbind-modules, p-cpe:/a:huawei:euleros:samba-winbind, p-cpe:/a:huawei:euleros:samba, p-cpe:/a:huawei:euleros:samba-common, p-cpe:/a:huawei:euleros:samba-client, p-cpe:/a:huawei:euleros:libsmbclient, p-cpe:/a:huawei:euleros:samba-common-tools

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/31/2025

Vulnerability Publication Date: 10/15/2025

Reference Information

CVE: CVE-2025-10230, CVE-2025-9640

IAVA: 2025-A-0777