Oracle Linux 6 : samba4 (ELSA-2013-0506)

critical Nessus Plugin ID 68746

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0506 advisory.

[4.0.0-55.rc4]
- Fix dependencies of samba4-test package.
- related: #896142

[4.0.0-54.rc4]
- Fix summary and description of dc subpackages.
- resolves: #896142
- Remove conflicting libsmbclient.7 manpage.
- resolves: #896240

[4.0.0-53.rc4]
- Fix provides filter rules to remove conflicting libraries from samba4-libs.
- resolves: #895718

[4.0.0-52.rc4]
- Fix typo in winbind-krb-locator post uninstall script.
- related: #864889

[4.0.0-51.rc4]
- Make sure we use the same directory as samba package for the winbind pipe.
- resolves: #886157

[4.0.0-50.rc4]
- Fix typo in winbind-krb-locator post uninstall script.
- related: #864889

[4.0.0-49.rc4]
- Fix Netlogon AES encryption.
- resolves: #885089

[4.0.0-48.rc4]
- Fix IPA trust AD lookup of users.
- resolves: #878564

[4.0.0-47.rc4]
- Add require for krb5-libs >= 1.10 to samba4-libs.
- resolves: #877533

[4.0.0-46.rc4]
- Rename /etc/sysconfig/samba4 to name to match init scripts.
- resolves: #877085

[4.0.0-45.rc4]
- Don't require samba4-common and samba4-test in samba4-devel package.
- related: #871748

[4.0.0-44.rc4]
- Make libnetapi an internal library to fix dependencies.
- resolves: #873491

[4.0.0-43.rc4]
- Move libnetapi and internal printing migration lib to libs package.
- related: #766333

[4.0.0-42.rc4]
- Fix perl, pam and logrotate dependencies.
- related: #766333

[4.0.0-41.rc4]
- Fix library dependencies found by rpmdiff.
- Update winbind offline logon patch.
- related: #766333

[4.0.0-40.rc4]
- Move libgpo to samba-common
- resolves: #871748

[4.0.0-39.rc4]
- Rebase to version 4.0.0rc4.
- related: #766333

[4.0.0-38.rc3]
- Add missing export KRB5CCNAME in init scripts.
- resolves: #868419

[4.0.0-37.rc3]
- Move /var/log/samba to samba-common package for winbind which requires it.
- resolves: #868248

[4.0.0-36.rc3]
- The standard auth modules need to be built into smbd to function.
- resolves: #867854

[4.0.0-35.rc3]
- Move pam_winbind.conf to the package of the module.
- resolves: #867317

[4.0.0-34.rc3]
- Built auth_builtin as static module.
- related: #766333

[4.0.0-33.rc3]
- Add back the AES patches which didn't make it in rc3.
- related: #766333

[4.0.0-32.rc3]
- Rebase to version 4.0.0rc3.
- related: #766333

[4.0.0-31.rc2]
- Use alternatives to configure winbind_krb5_locator.so
- resolves: #864889

[4.0.0-30.rc2]
- Fix multilib package installation.
- resolves: #862047
- Filter out libsmbclient and libwbclient provides.
- resolves: #861892
- Rebase to version 4.0.0rc2.
- related: #766333

[4.0.0-29.rc1]
- Fix Requires and Conflicts.
- related: #766333

[4.0.0-28.rc1]
- Move pam_winbind and wbinfo manpages to the right subpackage.
- related: #766333

[4.0.0-27.rc1]
- Fix permission for init scripts.
- Define a common KRB5CCNAME for smbd and winbind.
- Set piddir back to /var/run in RHEL6.
- related: #766333

[4.0.0-26.rc1]
- Add '-fno-strict-aliasing' to CFLAGS again.
- related: #766333

[4.0.0-25.rc1]
- Build with system libldb package which has been just added.
- related: #766333

[4.0.0-24.rc1]
- Rebase to version 4.0.0rc1.
- resolves: #766333

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2013-0506.html

Plugin Details

Severity: Critical

ID: 68746

File Name: oraclelinux_ELSA-2013-0506.nasl

Version: 1.11

Type: local

Agent: unix

Published: 7/12/2013

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-1182

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:samba4-libs, p-cpe:/a:oracle:linux:samba4-common, p-cpe:/a:oracle:linux:samba4-test, p-cpe:/a:oracle:linux:samba4-dc, p-cpe:/a:oracle:linux:samba4-python, p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator, p-cpe:/a:oracle:linux:samba4-devel, p-cpe:/a:oracle:linux:samba4-dc-libs, p-cpe:/a:oracle:linux:samba4-client, p-cpe:/a:oracle:linux:samba4-swat, p-cpe:/a:oracle:linux:samba4-winbind, cpe:/o:oracle:linux:6, p-cpe:/a:oracle:linux:samba4, p-cpe:/a:oracle:linux:samba4-pidl, p-cpe:/a:oracle:linux:samba4-winbind-clients

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/28/2013

Vulnerability Publication Date: 4/10/2012

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Samba SetInformationPolicy AuditEventsInfo Heap Overflow)

Reference Information

CVE: CVE-2012-1182

BID: 52973

RHSA: 2013:0506