openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)

high Nessus Plugin ID 75302


The remote openSUSE host is missing a security update.


Samba was updated to fix security issues and bugs:

Security issues fixed:

- Password lockout was not enforced for SAMR password changes, which allowed brute-force attacks on passwords; CVE-2013-4496; (bnc#849224).

- The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720).

- The pam_winbind login without require_membership_of restrictions could allow fallbacks to local users even if they were not intended to be allowed; CVE-2012-6150;

Non-security bugs were also fixed:

- Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942);

- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).

- Depend on %version-%release with all manual Provides and Requires; (bnc#844307).

- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).

- Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).

- Samba is chatty about being unable to open a printer;

- nsswitch: Fix short writes in winbind_write_sock;

- xattr: fix listing EAs on *BSD for non-root users;

- spoolss: accept XPS_PASS datatype used by Windows 8;

- The preceding bugs are tracked by (bnc#854520) too.

- Make use of the full gpg pub key file name including the key ID.

- Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf;

- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).

- Attempt to use samlogon validation level 6; (bso#7945);

- Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors; (bso#7944); (bnc#755663).

- Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

- Use simplified smb signing infrastructure; (bnc#741623).


Update the affected samba packages.

Plugin Details

Severity: High

ID: 75302

File Name: openSUSE-2014-229.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 8.3

Temporal Score: 7.2

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-devel, p-cpe:/a:novell:opensuse:samba-krb-printing, p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/12/2014

Reference Information

CVE: CVE-2012-6150, CVE-2013-4408, CVE-2013-4496

BID: 64101, 64191, 66336