Lucene search
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5003.NASLHistoryNov 10, 2021 - 12:00 a.m.
Debian DSA-5003-1 : samba - security update
2021-11-1000:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51
debian 11
samba
security update
vulnerability
access checking
privilege escalation
smb1 authentication
rodc
kerberos authentication
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
75.6%
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5003 advisory.
-
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)
-
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124) -
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)
-
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)
-
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self- reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5003. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155015);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/28");
script_cve_id(
"CVE-2016-2124",
"CVE-2020-25717",
"CVE-2020-25718",
"CVE-2020-25719",
"CVE-2020-25721",
"CVE-2020-25722",
"CVE-2021-3738",
"CVE-2021-23192"
);
script_xref(name:"IAVA", value:"2021-A-0554-S");
script_name(english:"Debian DSA-5003-1 : samba - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5003 advisory.
- Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored
data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)
- A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to
retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124)
- A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use
this flaw to cause possible privilege escalation. (CVE-2020-25717)
- A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC
(read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)
- A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-
based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did
not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total
domain compromise. (CVE-2020-25719)
Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/samba");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021/dsa-5003");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2124");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25717");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25718");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25719");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25721");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-25722");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-23192");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3738");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/samba");
script_set_attribute(attribute:"solution", value:
"Upgrade the samba packages.
For the stable distribution (bullseye), these problems have been fixed in version 2");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25719");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-3738");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ctdb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('audit.inc');
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(11)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'ctdb', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libnss-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libpam-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libsmbclient', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libsmbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libwbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'libwbclient0', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'python3-samba', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'registry-tools', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-common', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-common-bin', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-dsdb-modules', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-libs', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-testsuite', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'samba-vfs-modules', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'smbclient', 'reference': '2:4.13.13+dfsg-1~deb11u2'},
{'release': '11.0', 'prefix': 'winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (release && prefix && reference) {
if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libsmbclient / etc');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738
packages.debian.org/source/bullseye/samba
security-tracker.debian.org/tracker/CVE-2016-2124
security-tracker.debian.org/tracker/CVE-2020-25717
security-tracker.debian.org/tracker/CVE-2020-25718
security-tracker.debian.org/tracker/CVE-2020-25719
security-tracker.debian.org/tracker/CVE-2020-25721
security-tracker.debian.org/tracker/CVE-2020-25722
security-tracker.debian.org/tracker/CVE-2021-23192
security-tracker.debian.org/tracker/CVE-2021-3738
security-tracker.debian.org/tracker/source-package/samba
www.debian.org/security/2021/dsa-5003
Related
freebsd
freebsd
samba -- Multiple Vulnerabilities
2021-11-10 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: libldb-2.3.2-1.fc34
2021-12-01 01:14:11
[SECURITY] Fedora 34 Update: freeipa-4.9.6-4.fc34
2021-12-01 01:14:11
[SECURITY] Fedora 35 Update: freeipa-4.9.7-4.fc35
2021-11-19 01:16:31
openvas
openvas
Fedora: Security Advisory for samba (FEDORA-2021-1d77047c61)
2021-12-04 00:00:00
Debian: Security Advisory (DSA-5003-1)
2021-11-14 00:00:00
Mageia: Security Advisory (MGASA-2021-0585)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 5003-1] samba security update
2021-11-09 18:46:42
[SECURITY] [DSA 5003-1] samba security update
2021-11-09 18:46:42
[SECURITY] [DSA 5015-1] samba security update
2021-11-30 12:19:55
osv
osv
samba - security update
2021-11-09 00:00:00
ctdb-4.15.2+git.193.a4d6307f1fd-1.1 on GA media
2024-06-15 00:00:00
samba regression
2021-12-13 19:47:42
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.10-alt1
2021-11-07 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : samba and ldb (SUSE-SU-2021:3647-1)
2021-11-11 00:00:00
openSUSE 15 Security Update : samba and ldb (openSUSE-SU-2021:3647-1)
2021-11-11 00:00:00
cisa
cisa
Samba Releases Security Updates
2021-11-09 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2021-12-26 03:14:13
ubuntu
ubuntu
Samba regression
2021-12-13 00:00:00
Samba vulnerabilities
2021-11-11 00:00:00
Samba regressions
2021-12-06 00:00:00
suse
suse
Security update for samba and ldb (important)
2021-11-10 00:00:00
Security update for samba (important)
2021-11-15 00:00:00
Security update for samba (important)
2021-11-10 00:00:00
oraclelinux
oraclelinux
samba security update
2021-12-14 00:00:00
samba security and bug fix update
2021-12-17 00:00:00
idm:DL1 security update
2021-12-16 00:00:00
almalinux
almalinux
Important: samba security update
2021-12-13 08:15:38
Moderate: idm:DL1 security update
2021-12-15 07:39:49
redhat
redhat
(RHSA-2022:0008) Important: samba security update
2022-01-04 07:51:09
(RHSA-2021:5082) Important: samba security update
2021-12-13 08:15:38
(RHSA-2021:4843) Important: samba security update
2021-11-29 12:29:23
rocky
rocky
samba security update
2021-12-13 08:15:38
idm:DL1 security update
2021-12-15 07:39:49
cloudfoundry
cloudfoundry
USN-5174-2: Samba regression | Cloud Foundry
2022-01-20 00:00:00
USN-5174-1: Samba vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
samba
samba
Kerberos acceptors need easy access to stable
2021-11-09 00:00:00
Samba AD DC did not do suffienct access and
2021-11-09 00:00:00
Subsequent DCE/RPC fragment injection vulnerability
2021-11-09 00:00:00
f5
f5
K21312421 : Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192
2022-01-05 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2021-12-21 21:39:51
amazon
amazon
Critical: samba
2022-02-03 19:29:00
Critical: samba
2022-02-10 21:59:00
cnvd
cnvd
Samba Licensing Issue Vulnerability (CNVD-2022-15499)
2021-11-12 00:00:00
Samba permission permission and access control issue vulnerability (CNVD-2022-15498)
2021-11-12 00:00:00
Samba Input Validation Error Vulnerability (CNVD-2021-87030)
2021-11-12 00:00:00
ubuntucve
ubuntucve
redhatcve
redhatcve
alpinelinux
alpinelinux
veracode
veracode
CVE-2020-25722
2021-11-12 15:18:24
Authentication Bypass
2021-11-12 15:18:26
Total Domain Compromise
2021-11-12 15:19:39
cve
cve
CVE-2020-25718
2022-02-18 18:15:08
CVE-2020-25721
2022-03-16 15:15:09
cvelist
cvelist
debiancve
debiancve
nvd
nvd
prion
prion
Design/Logic Flaw
2022-02-18 18:15:00
Code injection
2022-03-16 15:15:00
Design/Logic Flaw
2022-02-18 18:15:00
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2021-23192 affecting package samba 4.12.5-6
2024-09-30 03:52:42
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.005
Percentile
75.6%
Related for DEBIAN_DSA-5003.NASL