CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.
Since the packages for potato are quite old it is likely that they contain more security-relevant bugs that we don’t know of. You are therefore advised to upgrade your systems running Samba to woody soon.
Unofficial backported packages from the Samba maintainers for version 2.2.8 of Samba for woody are available at ~peloy and ~vorlon.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-280. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(15117);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2003-0196", "CVE-2003-0201");
script_bugtraq_id(7294, 7295);
script_xref(name:"CERT", value:"267873");
script_xref(name:"DSA", value:"280");
script_name(english:"Debian DSA-280-1 : samba - buffer overflow");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in Samba, a LanManager-like file and printer server for
Unix. This vulnerability can lead to an anonymous user gaining root
access on a Samba serving system. An exploit for this problem is
already circulating and in use.
Since the packages for potato are quite old it is likely that they
contain more security-relevant bugs that we don't know of. You are
therefore advised to upgrade your systems running Samba to woody soon.
Unofficial backported packages from the Samba maintainers for version
2.2.8 of Samba for woody are available at ~peloy and ~vorlon."
);
script_set_attribute(
attribute:"see_also",
value:"https://people.debian.org/~peloy/samba/"
);
script_set_attribute(
attribute:"see_also",
value:"https://people.debian.org/~vorlon/samba/"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2003/dsa-280"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the Samba packages immediately.
For the stable distribution (woody) this problem has been fixed in
version 2.2.3a-12.3.
For the old stable distribution (potato) this problem has been fixed
in version 2.0.7-5.1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/04/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"2.2", prefix:"samba", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"samba-common", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"samba-doc", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"smbclient", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"smbfs", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"swat", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"3.0", prefix:"libpam-smbpass", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"libsmbclient", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"libsmbclient-dev", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba-common", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba-doc", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"smbclient", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"smbfs", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"swat", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"winbind", reference:"2.2.3a-12.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");