Detections
Analytics

MiracleLinux 4 : samba4-4.0.0-67.AXS4.rc4 (AXSA:2016-012:01)

high Nessus Plugin ID 289619

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-012:01 advisory.

 Samba is the standard Windows interoperability suite of programs for Linux and Unix.
 Security issues fixed with this release:
 CVE-2015-3223 The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
 CVE-2015-5252 vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
 CVE-2015-5296 Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
 CVE-2015-5299 The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
 CVE-2015-7540 The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/6372

Plugin Details

Severity: High

ID: 289619

File Name: miracle_linux_AXSA-2016-012.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2015-5299

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2015-5252

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:samba4, p-cpe:/a:miracle:linux:samba4-pidl, p-cpe:/a:miracle:linux:samba4-common, p-cpe:/a:miracle:linux:samba4-winbind-krb5-locator, p-cpe:/a:miracle:linux:samba4-winbind-clients, p-cpe:/a:miracle:linux:samba4-test, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:samba4-dc-libs, p-cpe:/a:miracle:linux:samba4-swat, p-cpe:/a:miracle:linux:samba4-winbind, p-cpe:/a:miracle:linux:samba4-libs, p-cpe:/a:miracle:linux:samba4-client, p-cpe:/a:miracle:linux:samba4-dc, p-cpe:/a:miracle:linux:samba4-python, p-cpe:/a:miracle:linux:samba4-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/8/2016

Vulnerability Publication Date: 12/16/2015

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-7540