Lucene search
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SAMBA_4_12_2.NASLHistoryApr 30, 2020 - 12:00 a.m.
Samba 4.10.x < 4.10.15 / 4.11.x < 4.11.8 / 4.12.x < 4.12.2 Multiple Vulnerabilities
2020-04-3000:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.019
Percentile
88.6%
The version of Samba running on the remote host is 4.10.x prior to 4.10.15, 4.11.x prior to 4.11.8, or 4.12.x prior to 4.12.2. It is, therefore, affected by the following vulnerabilities :
-
A flaw exists related to handling ‘ASQ’ and ‘Paged Results’ LDAP controls that could allow use-after-free conditions having unspecified impact. (CVE-2020-10700)
-
A flaw exists related to handling deeply nested filters, un-authenticated LDAP searches, and stack memory that could allow application crashes.
(CVE-2020-10704)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(136177);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/08");
script_cve_id("CVE-2020-10700", "CVE-2020-10704");
script_xref(name:"IAVA", value:"2020-A-0175-S");
script_name(english:"Samba 4.10.x < 4.10.15 / 4.11.x < 4.11.8 / 4.12.x < 4.12.2 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Samba.");
script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is potentially affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.10.x prior to
4.10.15, 4.11.x prior to 4.11.8, or 4.12.x prior to 4.12.2. It is,
therefore, affected by the following vulnerabilities :
- A flaw exists related to handling 'ASQ' and 'Paged
Results' LDAP controls that could allow use-after-free
conditions having unspecified impact. (CVE-2020-10700)
- A flaw exists related to handling deeply nested
filters, un-authenticated LDAP searches, and stack
memory that could allow application crashes.
(CVE-2020-10704)
Note that Nessus has not tested for these issues but has instead relied
only on the application's self-reported version number.");
# https://www.samba.org/samba/security/CVE-2020-10700.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a8fcf070");
# https://www.samba.org/samba/security/CVE-2020-10704.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0eb4abff");
script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.10.15 / 4.11.8 / 4.12.2 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10704");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/30");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_nativelanman.nasl");
script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('vcf.inc');
include('vcf_extras.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);
constraints = [
{'min_version':'4.10.0', 'fixed_version':'4.10.15'},
{'min_version':'4.11.0', 'fixed_version':'4.11.8'},
{'min_version':'4.12.0', 'fixed_version':'4.12.2'},
];
vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);
Related
fedora
fedora
[SECURITY] Fedora 31 Update: samba-4.11.8-0.fc31
2020-05-07 04:21:24
[SECURITY] Fedora 31 Update: libldb-2.0.10-1.fc31
2020-05-07 04:21:24
[SECURITY] Fedora 30 Update: libldb-1.5.7-1.fc30
2020-05-07 03:27:33
mageia
mageia
Updated samba packages fix security vulnerabilities
2020-05-08 13:57:54
nessus
nessus
Fedora 31 : 2:samba / libldb (2020-9cf0b1c8f1)
2020-05-07 00:00:00
Fedora 30 : 2:samba / libldb (2020-e244c98af5)
2020-05-07 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0205)
2022-01-28 00:00:00
Fedora: Security Advisory for samba (FEDORA-2020-c931060ab7)
2020-05-06 00:00:00
Fedora: Security Advisory for samba (FEDORA-2020-e244c98af5)
2020-05-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.11.8-alt1
2020-04-28 00:00:00
cisa
cisa
Samba Releases Security Updates
2020-04-28 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2020-04-29 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2020-04-28 00:00:00
Samba vulnerability
2020-04-29 00:00:00
Samba regression
2020-04-29 00:00:00
redhatcve
redhatcve
CVE-2020-10700
2020-04-28 10:39:49
CVE-2020-10704
2020-04-28 10:39:49
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:27:07
Denial Of Service (DoS)
2020-08-06 21:27:10
samba
samba
LDAP Denial of Service (stack overflow) in
2020-04-28 00:00:00
Use-after-free in Samba AD DC LDAP Server with ASQ
2020-04-28 00:00:00
NULL pointer de-reference and use-after-free
2020-07-02 00:00:00
alpinelinux
alpinelinux
CVE-2020-10704
2020-05-06 14:15:10
CVE-2020-10700
2020-05-04 21:15:11
cve
cve
CVE-2020-10700
2020-05-04 21:15:11
CVE-2020-10704
2020-05-06 14:15:10
cvelist
cvelist
CVE-2020-10700
2020-05-04 20:03:50
CVE-2020-10704
2020-05-06 00:00:00
osv
osv
CVE-2020-10700
2020-05-04 21:15:11
CVE-2020-10704
2020-05-06 14:15:10
samba - security update
2020-11-22 00:00:00
nvd
nvd
CVE-2020-10700
2020-05-04 21:15:11
CVE-2020-10704
2020-05-06 14:15:10
debiancve
debiancve
CVE-2020-10700
2020-05-04 21:15:11
CVE-2020-10704
2020-05-06 14:15:10
ubuntucve
ubuntucve
CVE-2020-10700
2020-04-28 00:00:00
CVE-2020-10704
2020-04-28 00:00:00
prion
prion
Design/Logic Flaw
2020-05-04 21:15:00
Stack overflow
2020-05-06 14:15:00
suse
suse
Security update for samba (important)
2020-05-02 00:00:00
Security update for ldb, samba (important)
2020-09-01 00:00:00
Security update for ldb, samba (important)
2020-07-21 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2020-07-26 00:00:00
debian
debian
[SECURITY] [DLA 2463-1] samba security update
2020-11-23 03:18:54
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.019
Percentile
88.6%
Related for SAMBA_4_12_2.NASL