Detections
Analytics
NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2024-0054)
critical Nessus Plugin ID 206855
Synopsis
The remote NewStart CGSL host is affected by multiple vulnerabilities.Description
The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities:- Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). (CVE-2007-2446)
- The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the username map script smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. (CVE-2007-2447)
- Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response. (CVE-2008-1105)
- Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. (CVE-2009-2813)
- smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. (CVE-2009-2906)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL samba packages. Note that updated packages may not be available yet. Please contact ZTE for more information.See Also
https://security.gd-linux.com/notice/NS-SA-2024-0054
https://security.gd-linux.com/info/CVE-2007-2446
https://security.gd-linux.com/info/CVE-2007-2447
https://security.gd-linux.com/info/CVE-2008-1105
https://security.gd-linux.com/info/CVE-2009-2813
https://security.gd-linux.com/info/CVE-2009-2906
https://security.gd-linux.com/info/CVE-2009-2948
https://security.gd-linux.com/info/CVE-2012-0817
https://security.gd-linux.com/info/CVE-2012-1182
https://security.gd-linux.com/info/CVE-2012-2111
https://security.gd-linux.com/info/CVE-2012-6150
https://security.gd-linux.com/info/CVE-2013-0172
https://security.gd-linux.com/info/CVE-2013-0213
https://security.gd-linux.com/info/CVE-2013-0214
https://security.gd-linux.com/info/CVE-2013-4408
https://security.gd-linux.com/info/CVE-2013-4475
https://security.gd-linux.com/info/CVE-2013-4496
https://security.gd-linux.com/info/CVE-2013-6442
https://security.gd-linux.com/info/CVE-2014-0178
https://security.gd-linux.com/info/CVE-2014-0244
https://security.gd-linux.com/info/CVE-2014-3493
https://security.gd-linux.com/info/CVE-2014-3560
https://security.gd-linux.com/info/CVE-2015-3223
https://security.gd-linux.com/info/CVE-2015-5252
https://security.gd-linux.com/info/CVE-2015-5296
https://security.gd-linux.com/info/CVE-2015-5299
https://security.gd-linux.com/info/CVE-2015-5370
https://security.gd-linux.com/info/CVE-2015-7540
https://security.gd-linux.com/info/CVE-2015-7560
https://security.gd-linux.com/info/CVE-2016-2110
https://security.gd-linux.com/info/CVE-2016-2111
https://security.gd-linux.com/info/CVE-2016-2112
https://security.gd-linux.com/info/CVE-2016-2113
https://security.gd-linux.com/info/CVE-2016-2114
https://security.gd-linux.com/info/CVE-2016-2115
https://security.gd-linux.com/info/CVE-2016-2118
https://security.gd-linux.com/info/CVE-2016-2119
https://security.gd-linux.com/info/CVE-2016-2123
https://security.gd-linux.com/info/CVE-2016-2125
https://security.gd-linux.com/info/CVE-2016-2126
https://security.gd-linux.com/info/CVE-2017-12150
https://security.gd-linux.com/info/CVE-2017-12151
https://security.gd-linux.com/info/CVE-2017-12163
https://security.gd-linux.com/info/CVE-2017-14746
https://security.gd-linux.com/info/CVE-2017-15275
https://security.gd-linux.com/info/CVE-2017-2619
https://security.gd-linux.com/info/CVE-2017-7494
https://security.gd-linux.com/info/CVE-2018-1050
https://security.gd-linux.com/info/CVE-2018-1057
https://security.gd-linux.com/info/CVE-2018-10858
https://security.gd-linux.com/info/CVE-2018-10918
https://security.gd-linux.com/info/CVE-2018-10919
https://security.gd-linux.com/info/CVE-2018-1139
https://security.gd-linux.com/info/CVE-2020-14383
https://security.gd-linux.com/info/CVE-2021-44142
Plugin Details
Severity: Critical
ID: 206855
File Name: newstart_cgsl_NS-SA-2024-0054_samba.nasl
Version: 1.3
Type: local
Published: 9/10/2024
Updated: 9/17/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-7494
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:zte:cgsl_main:samba-common, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:samba-libs, p-cpe:/a:zte:cgsl_main:samba-winbind, p-cpe:/a:zte:cgsl_main:samba-winbind-modules, p-cpe:/a:zte:cgsl_main:samba, p-cpe:/a:zte:cgsl_main:samba-common-libs, p-cpe:/a:zte:cgsl_main:samba-client-libs, p-cpe:/a:zte:cgsl_main:libwbclient, p-cpe:/a:zte:cgsl_main:libsmbclient, p-cpe:/a:zte:cgsl_main:samba-winbind-clients, p-cpe:/a:zte:cgsl_main:samba-client, p-cpe:/a:zte:cgsl_main:samba-common-tools
Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/3/2024
Vulnerability Publication Date: 5/14/2007
CISA Known Exploited Vulnerability Due Dates: 4/20/2023
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Samba lsa_io_trans_names Heap Overflow)
Reference Information
CVE: CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5370, CVE-2015-7540, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-1057, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2020-14383, CVE-2021-44142, CVE-2023-34966, CVE-2023-34967
IAVA: 2016-A-0002-S, 2016-A-0095-S, 2016-A-0195-S, 2016-A-0353-S, 2017-A-0085-S, 2017-A-0163-S, 2017-A-0281-S, 2017-A-0344-S, 2018-A-0074-S, 2018-A-0257-S, 2020-A-0508-S, 2022-A-0054-S, 2023-A-0376-S
IAVB: 2009-B-0050-S, 2012-B-0045-S, 2012-B-0047-S, 2013-B-0006-S, 2013-B-0010-S, 2013-B-0131-S, 2014-B-0067-S, 2014-B-0105-S