Lucene search
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-14042-1.NASLHistoryMay 13, 2019 - 12:00 a.m.
SUSE SLES11 Security Update : samba (SUSE-SU-2019:14042-1)
2019-05-1300:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
0.002 Low
EPSS
Percentile
61.2%
This update for samba fixes the following issues :
Security issue fixed :
CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
Non-security issue fixed: Make init scripts create log directories before running daemons (bsc#1101499)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:14042-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124858);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");
script_cve_id("CVE-2019-3880");
script_name(english:"SUSE SLES11 Security Update : samba (SUSE-SU-2019:14042-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for samba fixes the following issues :
Security issue fixed :
CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which
allowed an unprivileged user to save registry files outside a share
(bsc#1131060).
Non-security issue fixed: Make init scripts create log directories
before running daemons (bsc#1101499)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1101499");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131060");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3880/");
# https://www.suse.com/support/update/announcement/2019/suse-su-201914042-1.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0a54935");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch
slessp4-samba-14042=1
SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
sleposp3-samba-14042=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-samba-14042=1
SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
dbgsp3-samba-14042=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ldapsmb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libldb1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtalloc2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtdb1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-krb-printing");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! ereg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"samba-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"samba-client-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libtdb1-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libtevent0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"samba-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"samba-client-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"ldapsmb-1.34b-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libldb1-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libsmbclient0-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libtalloc2-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libtdb1-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libtevent0-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libwbclient0-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"samba-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"samba-client-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"samba-krb-printing-3.6.3-94.19.2")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"samba-winbind-3.6.3-94.19.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | ldapsmb | p-cpe:/a:novell:suse_linux:ldapsmb |
| novell | suse_linux | libldb1 | p-cpe:/a:novell:suse_linux:libldb1 |
| novell | suse_linux | libsmbclient0 | p-cpe:/a:novell:suse_linux:libsmbclient0 |
| novell | suse_linux | libtalloc2 | p-cpe:/a:novell:suse_linux:libtalloc2 |
| novell | suse_linux | libtdb1 | p-cpe:/a:novell:suse_linux:libtdb1 |
| novell | suse_linux | libtevent0 | p-cpe:/a:novell:suse_linux:libtevent0 |
| novell | suse_linux | libwbclient0 | p-cpe:/a:novell:suse_linux:libwbclient0 |
| novell | suse_linux | samba | p-cpe:/a:novell:suse_linux:samba |
| novell | suse_linux | samba-client | p-cpe:/a:novell:suse_linux:samba-client |
| novell | suse_linux | samba-krb-printing | p-cpe:/a:novell:suse_linux:samba-krb-printing |
Related
suse
suse
Security update for samba (important)
2019-04-10 00:00:00
Security update for samba (moderate)
2019-04-29 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1708)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1689)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1195-1)
2021-04-19 00:00:00
nessus
nessus
SUSE SLES12 Security Update : samba (SUSE-SU-2019:1203-1)
2019-05-13 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2019:1194-1)
2019-05-09 00:00:00
Debian DSA-4427-1 : samba - security update
2019-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2019-3880
2019-04-08 00:00:00
cvelist
cvelist
CVE-2019-3880
2019-04-09 15:18:08
redhat
redhat
(RHSA-2019:1967) Moderate: samba security, bug fix and enhancement update
2019-07-30 10:16:50
(RHSA-2019:3582) Moderate: samba security, bug fix, and enhancement update
2019-11-05 18:03:52
(RHSA-2019:2099) Moderate: samba security, bug fix, and enhancement update
2019-08-06 08:00:39
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2019-08-30 04:18:41
debian
debian
[SECURITY] [DSA 4427-1] samba security update
2019-04-08 08:26:34
[SECURITY] [DSA 4427-1] samba security update
2019-04-08 08:26:34
[SECURITY] [DLA 1754-1] samba security update
2019-04-09 20:33:14
ubuntu
ubuntu
Samba vulnerability
2019-04-08 00:00:00
Samba vulnerability
2019-04-08 00:00:00
ibm
ibm
samba
samba
Save registry file outside share as unprivileged user
2019-04-08 00:00:00
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2019-08-13 00:00:00
samba security, bug fix, and enhancement update
2019-11-14 00:00:00
redhatcve
redhatcve
CVE-2019-3880
2020-01-12 03:42:10
alpinelinux
alpinelinux
CVE-2019-3880
2019-04-09 16:29:01
osv
osv
CVE-2019-3880
2019-04-09 16:29:01
samba - security update
2019-04-08 00:00:00
samba - security update
2019-04-09 00:00:00
prion
prion
Design/Logic Flaw
2019-04-09 16:29:00
amazon
amazon
Medium: samba
2019-11-04 22:25:00
Medium: samba
2019-12-13 21:18:00
veracode
veracode
Unauthorized File Write
2019-08-05 00:16:18
debiancve
debiancve
CVE-2019-3880
2019-04-09 16:29:01
cve
cve
CVE-2019-3880
2019-04-09 16:29:01
nvd
nvd
CVE-2019-3880
2019-04-09 16:29:01
fedora
fedora
[SECURITY] Fedora 30 Update: samba-4.10.2-0.fc30
2019-04-13 00:10:07
[SECURITY] Fedora 29 Update: samba-4.9.6-0.fc29
2019-04-16 04:05:09
[SECURITY] Fedora 29 Update: samba-4.9.8-0.fc29
2019-05-18 03:21:47
cisa
cisa
Samba Releases Security Updates
2019-04-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
2019-04-11 00:00:00
f5
f5
K20804356 : Samba vulnerabilities CVE-2019-3870 and CVE-2019-3880
2019-05-27 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2019-05-14 00:00:00