Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310100476HistoryJan 29, 2010 - 12:00 a.m.
Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
2010-01-2900:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
364
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.2
Confidence
High
EPSS
0.002
Percentile
59.8%
Samba is prone to a local privilege-escalation vulnerability in the
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:samba:samba";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.100476");
script_version("2023-07-28T16:09:07+0000");
script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2010-01-29 17:41:41 +0100 (Fri, 29 Jan 2010)");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2009-3297", "CVE-2010-0787");
script_name("Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("General");
script_copyright("Copyright (C) 2010 Greenbone AG");
script_dependencies("smb_nativelanman.nasl", "gb_samba_detect.nasl");
script_mandatory_keys("samba/smb_or_ssh/detected");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37992");
script_tag(name:"summary", value:"Samba is prone to a local privilege-escalation vulnerability in the
'mount.cifs' utility.");
script_tag(name:"impact", value:"Local attackers can exploit this issue to gain elevated privileges on
affected computers.");
script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );
vers = infos['version'];
loc = infos['location'];
if( version_is_less_equal( version:vers, test_version:"3.4.5" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"3.4.6", install_path:loc );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
References
Related
nessus
nessus
Fedora 12 : samba-3.4.5-55.fc12 (2010-1218)
2010-07-01 00:00:00
Debian DSA-2004-1 : samba - several vulnerabilities
2010-03-02 00:00:00
Fedora 12 : samba-3.4.9-60.fc12 (2010-14678)
2010-09-16 00:00:00
ubuntu
ubuntu
Samba vulnerability
2010-01-28 00:00:00
FUSE vulnerability
2010-01-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-893-1)
2010-01-29 00:00:00
Debian: Security Advisory (DSA-2004-1)
2010-03-16 00:00:00
Ubuntu Update for fuse vulnerability USN-892-1
2010-01-29 00:00:00
osv
osv
samba - several vulnerabilities
2010-02-28 00:00:00
fuse-2.9.5-1.6 on GA media
2024-06-15 00:00:00
cifs-utils-6.5-1.5 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2009-3297
2010-03-02 18:30:00
CVE-2010-0787
2010-03-02 18:30:01
nvd
nvd
CVE-2009-3297
2010-03-02 18:30:00
CVE-2010-0787
2010-03-02 18:30:01
altlinux
altlinux
Security fix for the ALT Linux 5 package fuse version 2.8.2-alt1
2010-01-27 00:00:00
Security fix for the ALT Linux 6 package ncpfs version 2.2.6-alt9
2011-03-09 00:00:00
seebug
seebug
Samba 'mount.cifs'ćŹĺ°çšććĺćźć´
2010-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: ncpfs-2.2.6-12.fc11
2010-01-28 01:03:13
[SECURITY] Fedora 12 Update: samba-3.4.5-55.fc12
2010-01-29 03:33:35
[SECURITY] Fedora 11 Update: fuse-2.8.1-2.fc11
2010-02-01 01:08:01
debian
debian
[SECURITY] [DSA-1989-1] New fuse packages fix denial of service
2010-02-02 22:57:09
[SECURITY] [DSA-1989-1] New fuse packages fix denial of service
2010-02-02 22:57:09
[SECURITY] [DSA 2004-1] New samba packages fix several vulnerabilities
2010-02-28 21:55:00
securityvulns
securityvulns
[USN-893-1] Samba vulnerability
2010-02-04 00:00:00
Samba race conditions
2010-02-04 00:00:00
ncpfs, Multiple Vulnerabilities
2010-03-11 00:00:00
cvelist
cvelist
CVE-2009-3297
2010-03-02 18:00:00
CVE-2010-0787
2010-03-02 18:00:00
ubuntucve
ubuntucve
CVE-2010-0787
2010-03-02 00:00:00
prion
prion
Directory traversal
2010-03-02 18:30:00
debiancve
debiancve
CVE-2010-0787
2010-03-02 18:30:01
veracode
veracode
Symlink Attack
2020-04-10 00:51:48
gentoo
gentoo
mount-cifs: Multiple vulnerabilites
2012-06-25 00:00:00
suse
suse
potential remote code execution in samba
2010-07-01 11:11:15
Security update for Samba (critical)
2012-03-09 17:08:16
centos
centos
libsmbclient, samba security update
2011-08-29 21:13:06
redhat
redhat
(RHSA-2011:1219) Moderate: samba security update
2011-08-29 00:00:00
oraclelinux
oraclelinux
samba security update
2011-08-29 00:00:00
samba security, bug fix, and enhancement update
2012-03-01 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
5.2
Confidence
High
EPSS
0.002
Percentile
59.8%
Related for OPENVAS:1361412562310100476