CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 99.5%
The following issues have been fixed in Samba:
- PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182)
- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. (CVE-2012-0870)
- Fix memory leak in parent smbd on connection. (CVE-2012-0817)

Also the following non-security bugs have been fixed:
- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys. (bso#8599)
- Correctly handle DENY ACEs when privileges apply. (bso#8797)
- s3:smb2_server: fix a logic error, we should sign non guest sessions. (bso#8749)
- Allow vfs_aio_pthread to build as a static module. (bso#8723)
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs. (bso#8527)
- s3: segfault in dom_sid_compare. (bso#8567)
- Honor SeTakeOwnershipPrivilege when client asks for SEC_STD_WRITE_OWNER. (bso#8768)
- s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path. (bso#8771)
- s3-winbindd: set the can_do_validation6 also for trusted domain. (bso#8599)
- Fix problem when calculating the share security mask, take privileges into account for the connecting user. (bso#8784)
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups. (bso#8807, bnc#751454)
- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY. (bso#8760, bnc#741854)
- s3-printing: fix crash in printer_list_set_printer(). (bso#8762, bnc#746825)
- s3:winbindd fix a return code check. (bso#8406)
- s3: Add rmdir operation to streams_depot. (bso#8733)
- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(). (bso#8738)
- s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(). (bso#8739)
- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES. (bso#8631, bnc#732572)
- Remove all precompiled idl output to ensure any pidl changes take effect. (bnc#757080)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(58767);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-0817", "CVE-2012-0870", "CVE-2012-1182");
script_name(english:"SuSE 11.2 Security Update : Samba (SAT Patch Number 6145)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The following issues have been fixed in Samba :
- PIDL based autogenerated code uses client supplied size
values which allows attackers to write beyond the
allocated array size. (CVE-2012-1182)
- Ensure AndX offsets are increasing strictly
monotonically in pre-3.4 versions. (CVE-2012-0870)
- Fix memory leak in parent smbd on connection Also the
following non-security bugs have been fixed :.
(CVE-2012-0817)
- s3-winbindd: Only use SamLogonEx when we can get
unencrypted session keys; (bso#8599).
- Correctly handle DENY ACEs when privileges apply;
(bso#8797).
- s3:smb2_server: fix a logic error, we should sign non
guest sessions; (bso8749).
- Allow vfs_aio_pthread to build as a static module;
(bso#8723).
- s3:dbwrap_ctdb: return the number of records in
db_ctdb_traverse() for persistent dbs; (#bso8527).
- s3: segfault in dom_sid_compare(bso#8567).
- Honor SeTakeOwnershiPrivilege when client asks for
SEC_STD_WRITE_OWNER; (bso#8768).
- s3-winbindd: Close netlogon connection if the status
returned by the NetrSamLogonEx call is timeout in the
pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted
domain; (bso#8599).
- Fix problem when calculating the share security mask,
take priviliges into account for the connecting user;
(bso#8784).
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over
1000 groups; (bso#8807);. (bnc#751454)
- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);.
(bnc#741854)
- s3-printing: fix crash in printer_list_set_printer();
(bso#8762);. (bnc#746825)
- s3:winbindd fix a return code check; (bso#8406).
- s3: Add rmdir operation to streams_depot; (bso#8733).
- s3:smbd:smb2: fix an assignment-instead-of-check bug
conn_snum_used(); (bso#8738).
- s3:auth: fill the sids array of the info3 in
wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
- Do not map POSIX execute permission to Windows
FILE_READ_ATTRIBUTES; (bso#8631);. (bnc#732572)
- Remove all precompiled idl output to ensure any pidl
changes take effect;. (bnc#757080)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=732395"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=732572"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=741854"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=743986"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=746825"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=747934"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=751454"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=752797"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=757080"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-0817.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-0870.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-1182.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6145.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ldapsmb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-krb-printing");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libldb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libsmbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtalloc2-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtdb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtevent0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libwbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-client-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-doc-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-krb-printing-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-winbind-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-doc-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-krb-printing-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"ldapsmb-1.34b-12.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libldb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libsmbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libtalloc2-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libtdb1-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libtevent0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"libwbclient0-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"samba-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"samba-client-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"samba-doc-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"samba-krb-printing-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"samba-winbind-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
support.novell.com/security/cve/CVE-2012-0817.html
support.novell.com/security/cve/CVE-2012-0870.html
support.novell.com/security/cve/CVE-2012-1182.html
bugzilla.novell.com/show_bug.cgi?id=732395
bugzilla.novell.com/show_bug.cgi?id=732572
bugzilla.novell.com/show_bug.cgi?id=741854
bugzilla.novell.com/show_bug.cgi?id=743986
bugzilla.novell.com/show_bug.cgi?id=746825
bugzilla.novell.com/show_bug.cgi?id=747934
bugzilla.novell.com/show_bug.cgi?id=751454
bugzilla.novell.com/show_bug.cgi?id=752797
bugzilla.novell.com/show_bug.cgi?id=757080