Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-893-1.NASL
HistoryJan 29, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : samba vulnerability (USN-893-1)

2010-01-2900:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

26.9%

JSON

Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-893-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44336);
  script_version("1.14");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-0787");
  script_xref(name:"USN", value:"893-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : samba vulnerability (USN-893-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ronald Volgers discovered that the mount.cifs utility, when installed
as a setuid program, suffered from a race condition when verifying
user permissions. A local attacker could trick samba into mounting
over arbitrary locations, leading to a root privilege escalation.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/893-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"libpam-smbpass", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient-dev", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"python2.4-samba", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-common", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-dbg", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"samba-doc-pdf", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbclient", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"smbfs", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"swat", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"winbind", pkgver:"3.0.22-1ubuntu3.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpam-smbpass", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libsmbclient-dev", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-common", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-dbg", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"samba-doc-pdf", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbclient", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"smbfs", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"swat", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"winbind", pkgver:"3.0.28a-1ubuntu4.10")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libpam-smbpass", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsmbclient", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libsmbclient-dev", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libwbclient0", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-common", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-dbg", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-doc", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-doc-pdf", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"samba-tools", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"smbclient", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"smbfs", pkgver:"2:3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"swat", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"winbind", pkgver:"3.2.3-1ubuntu3.7")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpam-smbpass", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libsmbclient-dev", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libwbclient0", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-common", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-dbg", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-doc-pdf", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"samba-tools", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbclient", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"smbfs", pkgver:"2:3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"swat", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"winbind", pkgver:"3.3.2-1ubuntu3.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpam-smbpass", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libsmbclient", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libsmbclient-dev", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libwbclient0", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-common", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-common-bin", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-dbg", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-doc", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-doc-pdf", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"samba-tools", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"smbclient", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"smbfs", pkgver:"2:3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"swat", pkgver:"3.4.0-3ubuntu5.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"winbind", pkgver:"3.4.0-3ubuntu5.4")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpam-smbpass / libsmbclient / libsmbclient-dev / libwbclient0 / etc");
}

Related

prion 1
ubuntucve 1
cvelist 1
nvd 2
debiancve 1
veracode 1
cve 2
openvas 26
nessus 18
ubuntu 1
gentoo 1
suse 2
osv 3
redhat 1
centos 1
oraclelinux 2
vmware 2
prion
prion
Directory traversal
2010-03-02 18:30:00
ubuntucve
ubuntucve
CVE-2010-0787
2010-03-02 00:00:00
cvelist
cvelist
CVE-2010-0787
2010-03-02 18:00:00
nvd
nvd
CVE-2010-0787
2010-03-02 18:30:01
CVE-2009-3297
2010-03-02 18:30:00
debiancve
debiancve
CVE-2010-0787
2010-03-02 18:30:01
veracode
veracode
Symlink Attack
2020-04-10 00:51:48
cve
cve
CVE-2010-0787
2010-03-02 18:30:01
CVE-2009-3297
2010-03-02 18:30:00
openvas
openvas
Gentoo Security Advisory GLSA 201206-29 (mount-cifs)
2012-08-10 00:00:00
Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
2010-01-29 00:00:00
Mandriva Update for samba MDVSA-2010:090-1 (samba)
2010-05-17 00:00:00
nessus
nessus
GLSA-201206-29 : mount-cifs: Multiple vulnerabilites
2012-06-26 00:00:00
openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0346-1)
2010-07-01 00:00:00
SuSE 10 Security Update : Samba (ZYPP Patch Number 7072)
2010-10-11 00:00:00
ubuntu
ubuntu
Samba vulnerability
2010-01-28 00:00:00
gentoo
gentoo
mount-cifs: Multiple vulnerabilites
2012-06-25 00:00:00
suse
suse
potential remote code execution in samba
2010-07-01 11:11:15
Security update for Samba (critical)
2012-03-09 17:08:16
osv
osv
samba - several vulnerabilities
2010-02-28 00:00:00
cifs-utils-6.5-1.5 on GA media
2024-06-15 00:00:00
ctdb-4.5.0-1.1 on GA media
2024-06-15 00:00:00
redhat
redhat
(RHSA-2011:1219) Moderate: samba security update
2011-08-29 00:00:00
centos
centos
libsmbclient, samba security update
2011-08-29 21:13:06
oraclelinux
oraclelinux
samba security update
2011-08-29 00:00:00
samba security, bug fix, and enhancement update
2012-03-01 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.001

Percentile

26.9%

JSON
Related for UBUNTU_USN-893-1.NASL
prion1ubuntucve1cvelist1nvd2debiancve1veracode1cve2openvas26nessus18ubuntu1gentoo1suse2osv3redhat1centos1oraclelinux2vmware2