openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)

critical Nessus Plugin ID 74600

Synopsis

The remote openSUSE host is missing a security update.

Description

- Add the ldapsmb sources as else patches against them have no chance to apply.

- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the 'root' user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815);
(bnc#752797).

- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599).

- Correctly handle DENY ACEs when privileges apply;
(bso#8797).

- s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749).

- Allow vfs_aio_pthread to build as a static module;
(bso#8723).

- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527).

- s3: segfault in dom_sid_compare(bso#8567).

- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768).

- s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).

- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).

- Fix problem when calculating the share security mask, take priviliges into account for the connecting user;
(bso#8784).

- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).

- Remove obsoleted Authors lines from spec file for post-11.2 systems.

- Make ldapsmb build with Fedora 15 and 16; (bso#8783).

- BuildRequire libuuid-devel for post-11.0 and other systems.

- Define missing python macros for non SUSE systems.

- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.

- Always use cifstab instead of smbfstab on non SUSE systems.

- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870;
(bnc#747934).

- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);
(bnc#741854).

- s3-printing: fix crash in printer_list_set_printer();
(bso#8762); (bnc#746825).

Solution

Update the affected samba packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=741854

https://bugzilla.novell.com/show_bug.cgi?id=746825

https://bugzilla.novell.com/show_bug.cgi?id=747934

https://bugzilla.novell.com/show_bug.cgi?id=751454

https://bugzilla.novell.com/show_bug.cgi?id=752797

https://lists.opensuse.org/opensuse-updates/2012-04/msg00035.html

Plugin Details

Severity: Critical

ID: 74600

File Name: openSUSE-2012-223.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ldapsmb, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-devel, p-cpe:/a:novell:opensuse:samba-krb-printing, p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/15/2012

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Samba SetInformationPolicy AuditEventsInfo Heap Overflow)

Reference Information

CVE: CVE-2012-0870, CVE-2012-1182