openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)

Critical Nessus Plugin ID 74600

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote openSUSE host is missing a security update.

Description

- Add the ldapsmb sources as else patches against them have no chance to apply.

- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the 'root' user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815);
(bnc#752797).

- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599).

- Correctly handle DENY ACEs when privileges apply;
(bso#8797).

- s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749).

- Allow vfs_aio_pthread to build as a static module;
(bso#8723).

- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527).

- s3: segfault in dom_sid_compare(bso#8567).

- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768).

- s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).

- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).

- Fix problem when calculating the share security mask, take priviliges into account for the connecting user;
(bso#8784).

- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).

- Remove obsoleted Authors lines from spec file for post-11.2 systems.

- Make ldapsmb build with Fedora 15 and 16; (bso#8783).

- BuildRequire libuuid-devel for post-11.0 and other systems.

- Define missing python macros for non SUSE systems.

- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.

- Always use cifstab instead of smbfstab on non SUSE systems.

- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870;
(bnc#747934).

- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);
(bnc#741854).

- s3-printing: fix crash in printer_list_set_printer();
(bso#8762); (bnc#746825).

Solution

Update the affected samba packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=741854

https://bugzilla.novell.com/show_bug.cgi?id=746825

https://bugzilla.novell.com/show_bug.cgi?id=747934

https://bugzilla.novell.com/show_bug.cgi?id=751454

https://bugzilla.novell.com/show_bug.cgi?id=752797

https://lists.opensuse.org/opensuse-updates/2012-04/msg00035.html

Plugin Details

Severity: Critical

ID: 74600

File Name: openSUSE-2012-223.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ldapsmb, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-devel, p-cpe:/a:novell:opensuse:samba-krb-printing, p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/04/15

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Samba SetInformationPolicy AuditEventsInfo Heap Overflow)

Reference Information

CVE: CVE-2012-0870, CVE-2012-1182