Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2017-1950.NASL
HistoryAug 09, 2017 - 12:00 a.m.

Oracle Linux 7 : samba (ELSA-2017-1950)

2017-08-0900:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

77.3%

JSON

From Red Hat Security Advisory 2017:1950 :

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version:
samba (4.6.2). (BZ#1391954)

Security Fix(es) :

  • A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:1950 and 
# Oracle Linux Security Advisory ELSA-2017-1950 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(102290);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2017-9461");
  script_xref(name:"RHSA", value:"2017:1950");

  script_name(english:"Oracle Linux 7 : samba (ELSA-2017-1950)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2017:1950 :

An update for samba is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Low. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link (s) in the References section.

Samba is an open source implementation of the Server Message Block
(SMB) protocol and the related Common Internet File System (CIFS)
protocol, which allow PC-compatible machines to share files, printers,
and various information.

The following packages have been upgraded to a later upstream version:
samba (4.6.2). (BZ#1391954)

Security Fix(es) :

* A flaw was found in the way Samba handled dangling symlinks. An
authenticated malicious Samba client could use this flaw to cause the
smbd daemon to enter an infinite loop and use an excessive amount of
CPU and memory. (CVE-2017-9461)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2017-August/007082.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected samba packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-dc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-dc-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-krb5-printing");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-pidl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-test-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-vfs-glusterfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-modules");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsmbclient-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsmbclient-devel-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwbclient-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwbclient-devel-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-client-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-client-libs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-libs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-tools-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-dc-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-dc-libs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-devel-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-libs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-pidl-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-python-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-test-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-test-libs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-modules-4.6.2-8.el7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / libwbclient / libwbclient-devel / etc");
}

Related

redhatcve 1
ubuntu 1
osv 2
cve 1
openvas 6
nessus 11
centos 1
nvd 1
redhat 3
ubuntucve 1
ibm 3
prion 1
debiancve 1
veracode 1
cvelist 1
oraclelinux 1
debian 1
redhatcve
redhatcve
CVE-2017-9461
2017-06-07 09:37:18
ubuntu
ubuntu
Samba vulnerability
2017-07-05 00:00:00
osv
osv
CVE-2017-9461
2017-06-06 21:29:00
samba - security update
2019-04-09 00:00:00
cve
cve
CVE-2017-9461
2017-06-06 21:29:00
openvas
openvas
Samba 'fd_open_atomic infinite loop' Denial-of-Service Vulnerability
2017-06-07 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2017-1219)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2017-1220)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Samba vulnerability (USN-3348-1)
2017-07-06 00:00:00
RHEL 7 : samba (RHSA-2017:1950)
2017-08-02 00:00:00
EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1220)
2017-09-11 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2017-08-24 01:41:27
nvd
nvd
CVE-2017-9461
2017-06-06 21:29:00
redhat
redhat
(RHSA-2017:1950) Low: samba security, bug fix, and enhancement update
2017-08-01 05:56:25
(RHSA-2017:2778) Moderate: samba security, bug fix, and enhancement update
2017-09-21 04:06:21
(RHSA-2017:2338) Moderate: samba security update
2017-08-01 06:33:39
ubuntucve
ubuntucve
CVE-2017-9461
2017-06-06 00:00:00
ibm
ibm
Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461)
2018-06-18 00:35:45
Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461)
2018-06-18 00:35:46
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-9461)
2018-08-01 19:27:17
prion
prion
Denial of service
2017-06-06 21:29:00
debiancve
debiancve
CVE-2017-9461
2017-06-06 21:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:18:48
cvelist
cvelist
CVE-2017-9461
2017-06-06 21:00:00
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2017-08-07 00:00:00
debian
debian
[SECURITY] [DLA 1754-1] samba security update
2019-04-09 20:33:14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

77.3%

JSON
Related for ORACLELINUX_ELSA-2017-1950.NASL
redhatcve1ubuntu1osv2cve1openvas6nessus11centos1nvd1redhat3ubuntucve1ibm3prion1debiancve1veracode1cvelist1oraclelinux1debian1