ID CVE-2013-4124
Summary Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Vulnerable Configurations
  • Canonical Ubuntu Linux 10.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.10
    cpe:2.3:o:canonical:ubuntu_linux:12.10
  • Canonical Ubuntu Linux 13.04
    cpe:2.3:o:canonical:ubuntu_linux:13.04
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Fedora 18
    cpe:2.3:o:fedoraproject:fedora:18
  • Fedora 19
    cpe:2.3:o:fedoraproject:fedora:19
  • Samba 3.0.0
    cpe:2.3:a:samba:samba:3.0.0
  • Samba 3.0.1
    cpe:2.3:a:samba:samba:3.0.1
  • Samba 3.0.2
    cpe:2.3:a:samba:samba:3.0.2
  • Samba 3.0.2a
    cpe:2.3:a:samba:samba:3.0.2:a
  • Samba 3.0.2a
    cpe:2.3:a:samba:samba:3.0.2a
  • Samba 3.0.3
    cpe:2.3:a:samba:samba:3.0.3
  • Samba 3.0.4
    cpe:2.3:a:samba:samba:3.0.4
  • Samba 3.0.4 release candidate 1
    cpe:2.3:a:samba:samba:3.0.4:rc1
  • Samba 3.0.5
    cpe:2.3:a:samba:samba:3.0.5
  • Samba 3.0.6
    cpe:2.3:a:samba:samba:3.0.6
  • Samba 3.0.7
    cpe:2.3:a:samba:samba:3.0.7
  • Samba 3.0.8
    cpe:2.3:a:samba:samba:3.0.8
  • Samba 3.0.9
    cpe:2.3:a:samba:samba:3.0.9
  • Samba 3.0.10
    cpe:2.3:a:samba:samba:3.0.10
  • Samba 3.0.11
    cpe:2.3:a:samba:samba:3.0.11
  • Samba 3.0.12
    cpe:2.3:a:samba:samba:3.0.12
  • Samba 3.0.13
    cpe:2.3:a:samba:samba:3.0.13
  • Samba 3.0.14
    cpe:2.3:a:samba:samba:3.0.14
  • Samba 3.0.14a
    cpe:2.3:a:samba:samba:3.0.14:a
  • Samba 3.0.14a
    cpe:2.3:a:samba:samba:3.0.14a
  • Samba 3.0.15
    cpe:2.3:a:samba:samba:3.0.15
  • Samba 3.0.16
    cpe:2.3:a:samba:samba:3.0.16
  • Samba 3.0.17
    cpe:2.3:a:samba:samba:3.0.17
  • Samba 3.0.18
    cpe:2.3:a:samba:samba:3.0.18
  • Samba 3.0.19
    cpe:2.3:a:samba:samba:3.0.19
  • Samba 3.0.20
    cpe:2.3:a:samba:samba:3.0.20
  • Samba 3.0.20a
    cpe:2.3:a:samba:samba:3.0.20:a
  • Samba 3.0.20b
    cpe:2.3:a:samba:samba:3.0.20:b
  • Samba 3.0.20a
    cpe:2.3:a:samba:samba:3.0.20a
  • Samba 3.0.20b
    cpe:2.3:a:samba:samba:3.0.20b
  • Samba 3.0.21
    cpe:2.3:a:samba:samba:3.0.21
  • Samba 3.0.21a
    cpe:2.3:a:samba:samba:3.0.21:a
  • Samba 3.0.21b
    cpe:2.3:a:samba:samba:3.0.21:b
  • Samba 3.0.21c
    cpe:2.3:a:samba:samba:3.0.21:c
  • Samba 3.0.21a
    cpe:2.3:a:samba:samba:3.0.21a
  • Samba 3.0.21b
    cpe:2.3:a:samba:samba:3.0.21b
  • Samba 3.0.21c
    cpe:2.3:a:samba:samba:3.0.21c
  • Samba 3.0.22
    cpe:2.3:a:samba:samba:3.0.22
  • Samba 3.0.23
    cpe:2.3:a:samba:samba:3.0.23
  • Samba 3.0.23a
    cpe:2.3:a:samba:samba:3.0.23:a
  • Samba 3.0.23b
    cpe:2.3:a:samba:samba:3.0.23:b
  • Samba 3.0.23c
    cpe:2.3:a:samba:samba:3.0.23:c
  • Samba 3.0.23d
    cpe:2.3:a:samba:samba:3.0.23:d
  • Samba 3.0.23a
    cpe:2.3:a:samba:samba:3.0.23a
  • Samba 3.0.23b
    cpe:2.3:a:samba:samba:3.0.23b
  • Samba 3.0.23c
    cpe:2.3:a:samba:samba:3.0.23c
  • Samba 3.0.23d
    cpe:2.3:a:samba:samba:3.0.23d
  • Samba 3.0.24
    cpe:2.3:a:samba:samba:3.0.24
  • Samba 3.0.25
    cpe:2.3:a:samba:samba:3.0.25
  • Samba 3.0.25a
    cpe:2.3:a:samba:samba:3.0.25:a
  • Samba 3.0.25b
    cpe:2.3:a:samba:samba:3.0.25:b
  • Samba 3.0.25c
    cpe:2.3:a:samba:samba:3.0.25:c
  • Samba 3.0.25 pre1
    cpe:2.3:a:samba:samba:3.0.25:pre1
  • Samba 3.0.25 pre2
    cpe:2.3:a:samba:samba:3.0.25:pre2
  • Samba 3.0.25 release candidate 1
    cpe:2.3:a:samba:samba:3.0.25:rc1
  • Samba 3.0.25 release candidate 2
    cpe:2.3:a:samba:samba:3.0.25:rc2
  • Samba 3.0.25 release candidate 3
    cpe:2.3:a:samba:samba:3.0.25:rc3
  • Samba 3.0.25a
    cpe:2.3:a:samba:samba:3.0.25a
  • Samba 3.0.25b
    cpe:2.3:a:samba:samba:3.0.25b
  • Samba 3.0.25c
    cpe:2.3:a:samba:samba:3.0.25c
  • Samba 3.0.26
    cpe:2.3:a:samba:samba:3.0.26
  • Samba 3.0.26a
    cpe:2.3:a:samba:samba:3.0.26:a
  • Samba 3.0.26a
    cpe:2.3:a:samba:samba:3.0.26a
  • Samba 3.0.27
    cpe:2.3:a:samba:samba:3.0.27
  • Samba 3.0.27a
    cpe:2.3:a:samba:samba:3.0.27:a
  • Samba 3.0.28
    cpe:2.3:a:samba:samba:3.0.28
  • Samba 3.0.28a
    cpe:2.3:a:samba:samba:3.0.28:a
  • Samba 3.0.29
    cpe:2.3:a:samba:samba:3.0.29
  • Samba 3.0.30
    cpe:2.3:a:samba:samba:3.0.30
  • Samba 3.0.31
    cpe:2.3:a:samba:samba:3.0.31
  • Samba 3.0.32
    cpe:2.3:a:samba:samba:3.0.32
  • Samba 3.0.33
    cpe:2.3:a:samba:samba:3.0.33
  • Samba 3.0.34
    cpe:2.3:a:samba:samba:3.0.34
  • Samba 3.0.35
    cpe:2.3:a:samba:samba:3.0.35
  • Samba 3.0.36
    cpe:2.3:a:samba:samba:3.0.36
  • Samba 3.0.37
    cpe:2.3:a:samba:samba:3.0.37
  • Samba 3.1.0
    cpe:2.3:a:samba:samba:3.1.0
  • Samba 3.2.0
    cpe:2.3:a:samba:samba:3.2.0
  • Samba 3.2.1
    cpe:2.3:a:samba:samba:3.2.1
  • Samba 3.2.2
    cpe:2.3:a:samba:samba:3.2.2
  • Samba 3.2.3
    cpe:2.3:a:samba:samba:3.2.3
  • Samba 3.2.4
    cpe:2.3:a:samba:samba:3.2.4
  • Samba 3.2.5
    cpe:2.3:a:samba:samba:3.2.5
  • Samba 3.2.6
    cpe:2.3:a:samba:samba:3.2.6
  • Samba 3.2.7
    cpe:2.3:a:samba:samba:3.2.7
  • Samba 3.2.8
    cpe:2.3:a:samba:samba:3.2.8
  • Samba 3.2.9
    cpe:2.3:a:samba:samba:3.2.9
  • Samba 3.2.10
    cpe:2.3:a:samba:samba:3.2.10
  • Samba 3.2.11
    cpe:2.3:a:samba:samba:3.2.11
  • Samba 3.2.12
    cpe:2.3:a:samba:samba:3.2.12
  • Samba 3.2.13
    cpe:2.3:a:samba:samba:3.2.13
  • Samba 3.2.14
    cpe:2.3:a:samba:samba:3.2.14
  • Samba 3.2.15
    cpe:2.3:a:samba:samba:3.2.15
  • Samba 3.3.0
    cpe:2.3:a:samba:samba:3.3.0
  • Samba 3.3.1
    cpe:2.3:a:samba:samba:3.3.1
  • Samba 3.3.2
    cpe:2.3:a:samba:samba:3.3.2
  • Samba 3.3.3
    cpe:2.3:a:samba:samba:3.3.3
  • Samba 3.3.4
    cpe:2.3:a:samba:samba:3.3.4
  • Samba 3.3.5
    cpe:2.3:a:samba:samba:3.3.5
  • Samba 3.3.6
    cpe:2.3:a:samba:samba:3.3.6
  • Samba 3.3.7
    cpe:2.3:a:samba:samba:3.3.7
  • Samba 3.3.8
    cpe:2.3:a:samba:samba:3.3.8
  • Samba 3.3.9
    cpe:2.3:a:samba:samba:3.3.9
  • Samba 3.3.10
    cpe:2.3:a:samba:samba:3.3.10
  • Samba 3.3.11
    cpe:2.3:a:samba:samba:3.3.11
  • Samba 3.3.12
    cpe:2.3:a:samba:samba:3.3.12
  • Samba 3.3.13
    cpe:2.3:a:samba:samba:3.3.13
  • Samba 3.3.14
    cpe:2.3:a:samba:samba:3.3.14
  • Samba 3.3.15
    cpe:2.3:a:samba:samba:3.3.15
  • Samba 3.3.16
    cpe:2.3:a:samba:samba:3.3.16
  • Samba 3.4.0
    cpe:2.3:a:samba:samba:3.4.0
  • Samba 3.4.1
    cpe:2.3:a:samba:samba:3.4.1
  • Samba 3.4.2
    cpe:2.3:a:samba:samba:3.4.2
  • Samba 3.4.3
    cpe:2.3:a:samba:samba:3.4.3
  • Samba 3.4.4
    cpe:2.3:a:samba:samba:3.4.4
  • Samba 3.4.5
    cpe:2.3:a:samba:samba:3.4.5
  • Samba 3.4.6
    cpe:2.3:a:samba:samba:3.4.6
  • Samba 3.4.7
    cpe:2.3:a:samba:samba:3.4.7
  • Samba 3.4.8
    cpe:2.3:a:samba:samba:3.4.8
  • Samba 3.4.9
    cpe:2.3:a:samba:samba:3.4.9
  • Samba 3.4.10
    cpe:2.3:a:samba:samba:3.4.10
  • Samba 3.4.11
    cpe:2.3:a:samba:samba:3.4.11
  • Samba 3.4.12
    cpe:2.3:a:samba:samba:3.4.12
  • Samba 3.4.13
    cpe:2.3:a:samba:samba:3.4.13
  • Samba 3.4.14
    cpe:2.3:a:samba:samba:3.4.14
  • Samba 3.4.15
    cpe:2.3:a:samba:samba:3.4.15
  • Samba 3.4.16
    cpe:2.3:a:samba:samba:3.4.16
  • Samba 3.4.17
    cpe:2.3:a:samba:samba:3.4.17
  • Samba 3.5.0
    cpe:2.3:a:samba:samba:3.5.0
  • Samba 3.5.1
    cpe:2.3:a:samba:samba:3.5.1
  • Samba 3.5.2
    cpe:2.3:a:samba:samba:3.5.2
  • Samba 3.5.10
    cpe:2.3:a:samba:samba:3.5.10
  • Samba 3.5.11
    cpe:2.3:a:samba:samba:3.5.11
  • Samba 3.5.12
    cpe:2.3:a:samba:samba:3.5.12
  • Samba 3.5.13
    cpe:2.3:a:samba:samba:3.5.13
  • Samba 3.5.14
    cpe:2.3:a:samba:samba:3.5.14
  • Samba 3.5.15
    cpe:2.3:a:samba:samba:3.5.15
  • Samba 3.5.16
    cpe:2.3:a:samba:samba:3.5.16
  • Samba 3.5.17
    cpe:2.3:a:samba:samba:3.5.17
  • Samba 3.5.18
    cpe:2.3:a:samba:samba:3.5.18
  • Samba 3.5.19
    cpe:2.3:a:samba:samba:3.5.19
  • Samba 3.5.20
    cpe:2.3:a:samba:samba:3.5.20
  • Samba 3.5.21
    cpe:2.3:a:samba:samba:3.5.21
  • Samba 3.6.0
    cpe:2.3:a:samba:samba:3.6.0
  • Samba 3.6.1
    cpe:2.3:a:samba:samba:3.6.1
  • Samba 3.6.2
    cpe:2.3:a:samba:samba:3.6.2
  • Samba 3.6.3
    cpe:2.3:a:samba:samba:3.6.3
  • Samba 3.6.4
    cpe:2.3:a:samba:samba:3.6.4
  • Samba 3.6.5
    cpe:2.3:a:samba:samba:3.6.5
  • Samba 3.6.6
    cpe:2.3:a:samba:samba:3.6.6
  • Samba 3.6.7
    cpe:2.3:a:samba:samba:3.6.7
  • Samba 3.6.8
    cpe:2.3:a:samba:samba:3.6.8
  • Samba 3.6.9
    cpe:2.3:a:samba:samba:3.6.9
  • Samba 3.6.10
    cpe:2.3:a:samba:samba:3.6.10
  • Samba 3.6.11
    cpe:2.3:a:samba:samba:3.6.11
  • Samba 3.6.12
    cpe:2.3:a:samba:samba:3.6.12
  • Samba 3.6.13
    cpe:2.3:a:samba:samba:3.6.13
  • Samba 3.6.14
    cpe:2.3:a:samba:samba:3.6.14
  • Samba 3.6.15
    cpe:2.3:a:samba:samba:3.6.15
  • Samba 3.6.16
    cpe:2.3:a:samba:samba:3.6.16
  • Samba 4.0.0
    cpe:2.3:a:samba:samba:4.0.0
  • Samba 4.0.1
    cpe:2.3:a:samba:samba:4.0.1
  • Samba 4.0.2
    cpe:2.3:a:samba:samba:4.0.2
  • Samba 4.0.3
    cpe:2.3:a:samba:samba:4.0.3
  • Samba 4.0.4
    cpe:2.3:a:samba:samba:4.0.4
  • Samba 4.0.5
    cpe:2.3:a:samba:samba:4.0.5
  • Samba 4.0.6
    cpe:2.3:a:samba:samba:4.0.6
  • Samba 4.0.7
    cpe:2.3:a:samba:samba:4.0.7
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • OpenSUSE 12.3
    cpe:2.3:o:opensuse:opensuse:12.3
CVSS
Base: 5.0 (as of 06-03-2015 - 11:10)
CWE CWE-189
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
exploit-db via4
description Samba nttrans Reply - Integer Overflow Vulnerability. CVE-2013-4124. DoS exploit for Linux platform
id EDB-ID:27778
last seen 2016-02-03
modified 2013-08-22
published 2013-08-22
reporter x90c
source https://www.exploit-db.com/download/27778/
title Samba nttrans Reply - Integer Overflow Vulnerability
metasploit via4
description Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Important Note: in order to work, the "ea support" option on the target share must be enabled.
id MSF:AUXILIARY/DOS/SAMBA/READ_NTTRANS_EA_LIST
last seen 2019-03-29
modified 2017-07-24
published 2013-08-28
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb
title Samba read_nttrans_ea_list Integer Overflow
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-218-03.NASL
    description New samba packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen 2019-01-03
    modified 2019-01-02
    plugin id 69226
    published 2013-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69226
    title Slackware 13.1 / 13.37 / 14.0 / current : samba (SSA:2013-218-03)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201502-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-01-10
    plugin id 81536
    published 2015-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81536
    title GLSA-201502-15 : Samba: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E21C7C7A011611E39E833C970E169BC2.NASL
    description The Samba project reports : All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 69293
    published 2013-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69293
    title FreeBSD : samba -- denial of service vulnerability (e21c7c7a-0116-11e3-9e83-3c970e169bc2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9132.NASL
    description Update to Samba 4.0.21. CVE-2014-3560. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 77268
    published 2014-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77268
    title Fedora 19 : samba-4.0.21-1.fc19 (2014-9132)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130930_SAMBA3X_ON_SL5_X.NASL
    description It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70390
    published 2013-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70390
    title Scientific Linux Security Update : samba3x on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1543.NASL
    description Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. This update fixes the following bugs : * When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338) * Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264) All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79160
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79160
    title CentOS 6 : samba4 (CESA-2013:1543)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1542.NASL
    description Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. 
    Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71002
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71002
    title RHEL 6 : samba (RHSA-2013:1542)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-14355.NASL
    description Update to 4.0.8 (CVE-2013-4124). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 69362
    published 2013-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69362
    title Fedora 18 : samba-4.0.8-1.fc18 (2013-14355)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140317_SAMBA_ON_SL5_X.NASL
    description It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 73074
    published 2014-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73074
    title Scientific Linux Security Update : samba on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0305.NASL
    description Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73072
    published 2014-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73072
    title RHEL 5 : samba (RHSA-2014:0305)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0305.NASL
    description Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73063
    published 2014-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73063
    title CentOS 5 : samba (CESA-2014:0305)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0723-1.NASL
    description This is a LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed : - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked. - CVE-2013-4124: Samba was affected by a denial of service attack on authenticated or guest connections. - CVE-2013-0214: The SWAT webadministration was affected by a cross site scripting attack (XSS). - CVE-2013-0213: The SWAT webadministration could possibly be used in clickjacking attacks. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 83623
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83623
    title SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1310.NASL
    description From Red Hat Security Advisory 2013:1310 : Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. 
    Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70346
    published 2013-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70346
    title Oracle Linux 5 : samba3x (ELSA-2013-1310)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1310.NASL
    description Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. 
    Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 70245
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70245
    title RHEL 5 : samba3x (RHSA-2013:1310)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_SAMBA_20140102.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. (CVE-2013-4124)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80764
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80764
    title Oracle Solaris Third-Party Patch Update : samba (cve_2013_4124_denial_of)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-14312.NASL
    description Update to 4.0.8 (CVE-2013-4124). Fix location of the Kerberos credentials cache. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 69291
    published 2013-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69291
    title Fedora 19 : samba-4.0.8-1.fc19 (2013-14312)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1966-1.NASL
    description Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 70116
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70116
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : samba vulnerability (USN-1966-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-207.NASL
    description A vulnerability has been found and corrected in samba : Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet (CVE-2013-4124). The updated packages for Enterprise Server 5.2 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 3.6.17 version, which resolves many upstream bugs and is not vulnerable to this issue. Additionally, the libtevent packages are being provided, which are a requirement since samba 3.6.16.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 69230
    published 2013-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69230
    title Mandriva Linux Security Advisory : samba (MDVSA-2013:207)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1543.NASL
    description From Red Hat Security Advisory 2013:1543 : Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. This update fixes the following bugs : * When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338) * Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264) All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71104
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71104
    title Oracle Linux 6 : samba4 (ELSA-2013-1543)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1543.NASL
    description Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. This update fixes the following bugs : * When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338) * Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264) All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71003
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71003
    title RHEL 6 : samba4 (RHSA-2013:1543)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_SAMBA4_ON_SL6_X.NASL
    description An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. This update fixes the following bugs : - When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. - Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71200
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71200
    title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-651.NASL
    description This update of samba fixed the following issues : - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20; (bnc#806501). - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969). - PIDL: fix parsing linemarkers in preprocessor output; (bso#9636). - build:autoconf: fix output of syslog-facility check; (bso#9983). - libreplace: add a missing 'eval' to the AC_VERIFY_C_PROTOTYPE macro. - Remove ldapsmb from the main spec file. - Don't bzip2 the main tarball, use the upstream gzipped one instead. - Fix crash bug during Win8 sync; (bso#9822). - Check for system libtevent and link dbwrap_tool and dbwrap_torture against it; (bso#9881). - errno gets overwritten in call to check_parent_exists(); (bso#9927). - Fix a bug of drvupgrade of smbcontrol; (bso#9941). - Document idmap_ad rfc2307 attribute requirements; (bso#9880); (bnc#820531). - Don't package the SWAT man page while its build is disabled; (bnc#816647). - Don't install the tdb utilities man pages on post-12.1 systems; (bnc#823549). - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). - s3-docs: Remove 'experimental' label on 'max protocol=SMB2' parameter; (bso#9688). - Remove the compound_related_in_progress state from the smb2 global state; (bso#9722). - Makefile: Don't know how to make LIBNDR_PREG_OBJ; (bso#9868). - Fix is_printer_published GUID retrieval; (bso#9900); (bnc#798856). - Fix 'map untrusted to domain' with NTLMv2; (bso#9817); (bnc#817919). - Don't modify the pidfile name when a custom config file path is used; (bnc#812929). - Add extra attributes for AD printer publishing; (bso#9378); (bnc#798856). - Fix vfs_catia module; (bso#9701); (bnc#824833). systems; (bnc#804822); (bnc#821889). - Fix AD printer publishing; (bso#9378); (bnc#798856).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75121
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75121
    title openSUSE Security Update : samba (openSUSE-SU-2013:1349-1)
  • NASL family Misc.
    NASL id SAMBA_4_0_8.NASL
    description According to its banner, the version of Samba running on the remote host is 3.x prior to 3.5.22, 3.6.x prior to 3.6.17 or 4.0.x prior to 4.0.8. It is, therefore, potentially affected by a denial of service vulnerability. An integer overflow error exists in the function 'read_nttrans_ea_list' in the file 'nttrans.c' that could allow denial of service attacks to be carried out via specially crafted network traffic. Note that if 'guest' connections are allowed, this issue can be exploited by a remote, unauthenticated attacker. Further note that Nessus has relied only on the self-reported version number and has not actually tried to exploit this issue or determine if the associated patch has been applied.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69276
    published 2013-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69276
    title Samba 3.x < 3.5.22 / 3.6.x < 3.6.17 / 4.0.x < 4.0.8 read_nttrans_ea_lis DoS
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-644.NASL
    description This update of samba fixed the following issues : - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20; (bnc#806501). - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969). - PIDL: fix parsing linemarkers in preprocessor output; (bso#9636). - build:autoconf: fix output of syslog-facility check; (bso#9983). - libreplace: add a missing 'eval' to the AC_VERIFY_C_PROTOTYPE macro. - Remove ldapsmb from the main spec file. - Don't bzip2 the main tarball, use the upstream gzipped one instead. - Fix crash bug during Win8 sync; (bso#9822). - Check for system libtevent and link dbwrap_tool and dbwrap_torture against it; (bso#9881). - errno gets overwritten in call to check_parent_exists(); (bso#9927). - Fix a bug of drvupgrade of smbcontrol; (bso#9941). - Document idmap_ad rfc2307 attribute requirements; (bso#9880); (bnc#820531). - Don't install the tdb utilities man pages on post-12.1 systems; (bnc#823549). - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). - Fix is_printer_published GUID retrieval; (bso#9900); (bnc#798856). - Fix 'map untrusted to domain' with NTLMv2; (bso#9817); (bnc#817919). - Don't modify the pidfile name when a custom config file path is used; (bnc#812929). - Add extra attributes for AD printer publishing; (bso#9378); (bnc#798856). - Fix vfs_catia module; (bso#9701); (bnc#824833). - Fix AD printer publishing; (bso#9378); (bnc#798856).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75116
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75116
    title openSUSE Security Update : samba (openSUSE-SU-2013:1339-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1542.NASL
    description From Red Hat Security Advisory 2013:1542 : Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. 
Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71103
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71103
    title Oracle Linux 6 : samba (ELSA-2013-1542)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_SAMBA_ON_SL6_X.NASL
    description It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71201
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71201
    title Scientific Linux Security Update : samba on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1542.NASL
    description Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. 
Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79159
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79159
    title CentOS 6 : samba (CESA-2013:1542)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0305.NASL
    description From Red Hat Security Advisory 2014:0305 : Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 73070
    published 2014-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73070
    title Oracle Linux 5 : samba (ELSA-2014-0305)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1310.NASL
    description Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. 
Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79150
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79150
    title CentOS 5 : samba3x (CESA-2013:1310)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CIFS-MOUNT-130806.NASL
    description The Samba server suite received a security update to fix a denial of service problem in integer wrap protection (CVE-2013-4124). Additionally, the following stability fixes are included in this update : - Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same. (bnc#800782) - Fix smbclient recursive mget EPERM handling. (bnc#786350) - Fix SMB1 Session Setup AndX handling with a large krb PAC. (bnc#802031) - Fix periodic printcap cache reloads. (bnc#807334) - Fix AD printer publishing. (bnc#798856) - Add extra attributes for AD printer publishing. (bnc#798856) - Fix is_printer_published GUID retrieval. (bnc#798856) - Fix vfs_catia module. (bnc#824833) - Don't modify the pidfile name when a custom config file path is used. (bnc#812929) - Fix the username map optimization. (bnc#815994) - Fix libreplace license ambiguity. (bnc#765270) - Document idmap_ad rfc2307 attribute requirements. (bnc#820531) - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20. (bnc#806501)
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 70018
    published 2013-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70018
    title SuSE 11.2 Security Update : Samba (SAT Patch Number 8170)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CIFS-MOUNT-130807.NASL
    description The Samba server suite received a security update to fix a denial of service problem in integer wrap protection (CVE-2013-4124). Additionally, the following stability fixes are included in this update : - Fix libreplace license ambiguity. (bnc#765270) - Document idmap_ad rfc2307 attribute requirements. (bnc#820531) - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20. (bnc#806501)
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 70019
    published 2013-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70019
    title SuSE 11.3 Security Update : Samba (SAT Patch Number 8171)
redhat via4
advisories
  • bugzilla
    id 984401
    title CVE-2013-4124 samba: DoS via integer overflow when reading an EA list
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment samba3x is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310002
        • comment samba3x is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488029
      • AND
        • comment samba3x-client is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310016
        • comment samba3x-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488043
      • AND
        • comment samba3x-common is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310004
        • comment samba3x-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488031
      • AND
        • comment samba3x-doc is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310010
        • comment samba3x-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488035
      • AND
        • comment samba3x-domainjoin-gui is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310008
        • comment samba3x-domainjoin-gui is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488041
      • AND
        • comment samba3x-swat is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310014
        • comment samba3x-swat is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488045
      • AND
        • comment samba3x-winbind is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310006
        • comment samba3x-winbind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488053
      • AND
        • comment samba3x-winbind-devel is earlier than 0:3.6.6-0.136.el5
          oval oval:com.redhat.rhsa:tst:20131310012
        • comment samba3x-winbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488047
    rhsa
    id RHSA-2013:1310
    released 2013-09-30
    severity Moderate
    title RHSA-2013:1310: samba3x security and bug fix update (Moderate)
  • bugzilla
    id 984401
    title CVE-2013-4124 samba: DoS via integer overflow when reading an EA list
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libsmbclient is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542025
        • comment libsmbclient is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860012
      • AND
        • comment libsmbclient-devel is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542007
        • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860022
      • AND
        • comment samba is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542005
        • comment samba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860006
      • AND
        • comment samba-client is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542013
        • comment samba-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860014
      • AND
        • comment samba-common is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542015
        • comment samba-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860016
      • AND
        • comment samba-doc is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542023
        • comment samba-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860026
      • AND
        • comment samba-domainjoin-gui is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542017
        • comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860024
      • AND
        • comment samba-swat is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542011
        • comment samba-swat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860008
      • AND
        • comment samba-winbind is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542009
        • comment samba-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860010
      • AND
        • comment samba-winbind-clients is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542027
        • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860020
      • AND
        • comment samba-winbind-devel is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542021
        • comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100860018
      • AND
        • comment samba-winbind-krb5-locator is earlier than 0:3.6.9-164.el6
          oval oval:com.redhat.rhsa:tst:20131542019
        • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111221018
    rhsa
    id RHSA-2013:1542
    released 2013-11-21
    severity Moderate
    title RHSA-2013:1542: samba security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 984401
    title CVE-2013-4124 samba: DoS via integer overflow when reading an EA list
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment samba4 is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543005
        • comment samba4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506006
      • AND
        • comment samba4-client is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543019
        • comment samba4-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506014
      • AND
        • comment samba4-common is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543031
        • comment samba4-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506022
      • AND
        • comment samba4-dc is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543025
        • comment samba4-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506020
      • AND
        • comment samba4-dc-libs is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543029
        • comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506028
      • AND
        • comment samba4-devel is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543013
        • comment samba4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506026
      • AND
        • comment samba4-libs is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543027
        • comment samba4-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506010
      • AND
        • comment samba4-pidl is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543021
        • comment samba4-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506032
      • AND
        • comment samba4-python is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543011
        • comment samba4-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506030
      • AND
        • comment samba4-swat is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543017
        • comment samba4-swat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506016
      • AND
        • comment samba4-test is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543015
        • comment samba4-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506008
      • AND
        • comment samba4-winbind is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543023
        • comment samba4-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506024
      • AND
        • comment samba4-winbind-clients is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543007
        • comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506012
      • AND
        • comment samba4-winbind-krb5-locator is earlier than 0:4.0.0-58.el6.rc4
          oval oval:com.redhat.rhsa:tst:20131543009
        • comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506018
    rhsa
    id RHSA-2013:1543
    released 2013-11-21
    severity Moderate
    title RHSA-2013:1543: samba4 security and bug fix update (Moderate)
  • bugzilla
    id 984401
    title CVE-2013-4124 samba: DoS via integer overflow when reading an EA list
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libsmbclient is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305012
        • comment libsmbclient is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488023
      • AND
        • comment libsmbclient-devel is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305008
        • comment libsmbclient-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100488025
      • AND
        • comment samba is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305002
        • comment samba is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061003
      • AND
        • comment samba-client is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305004
        • comment samba-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061009
      • AND
        • comment samba-common is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305006
        • comment samba-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061005
      • AND
        • comment samba-swat is earlier than 0:3.0.33-3.40.el5_10
          oval oval:com.redhat.rhsa:tst:20140305010
        • comment samba-swat is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061007
    rhsa
    id RHSA-2014:0305
    released 2014-03-17
    severity Moderate
    title RHSA-2014:0305: samba security update (Moderate)
rpms
  • samba3x-0:3.6.6-0.136.el5
  • samba3x-client-0:3.6.6-0.136.el5
  • samba3x-common-0:3.6.6-0.136.el5
  • samba3x-doc-0:3.6.6-0.136.el5
  • samba3x-domainjoin-gui-0:3.6.6-0.136.el5
  • samba3x-swat-0:3.6.6-0.136.el5
  • samba3x-winbind-0:3.6.6-0.136.el5
  • samba3x-winbind-devel-0:3.6.6-0.136.el5
  • libsmbclient-0:3.6.9-164.el6
  • libsmbclient-devel-0:3.6.9-164.el6
  • samba-0:3.6.9-164.el6
  • samba-client-0:3.6.9-164.el6
  • samba-common-0:3.6.9-164.el6
  • samba-doc-0:3.6.9-164.el6
  • samba-domainjoin-gui-0:3.6.9-164.el6
  • samba-swat-0:3.6.9-164.el6
  • samba-winbind-0:3.6.9-164.el6
  • samba-winbind-clients-0:3.6.9-164.el6
  • samba-winbind-devel-0:3.6.9-164.el6
  • samba-winbind-krb5-locator-0:3.6.9-164.el6
  • samba4-0:4.0.0-58.el6.rc4
  • samba4-client-0:4.0.0-58.el6.rc4
  • samba4-common-0:4.0.0-58.el6.rc4
  • samba4-dc-0:4.0.0-58.el6.rc4
  • samba4-dc-libs-0:4.0.0-58.el6.rc4
  • samba4-devel-0:4.0.0-58.el6.rc4
  • samba4-libs-0:4.0.0-58.el6.rc4
  • samba4-pidl-0:4.0.0-58.el6.rc4
  • samba4-python-0:4.0.0-58.el6.rc4
  • samba4-swat-0:4.0.0-58.el6.rc4
  • samba4-test-0:4.0.0-58.el6.rc4
  • samba4-winbind-0:4.0.0-58.el6.rc4
  • samba4-winbind-clients-0:4.0.0-58.el6.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-58.el6.rc4
  • libsmbclient-0:3.0.33-3.40.el5_10
  • libsmbclient-devel-0:3.0.33-3.40.el5_10
  • samba-0:3.0.33-3.40.el5_10
  • samba-client-0:3.0.33-3.40.el5_10
  • samba-common-0:3.0.33-3.40.el5_10
  • samba-swat-0:3.0.33-3.40.el5_10
refmap via4
bugtraq 20130806 [slackware-security] samba (SSA:2013-218-03)
confirm
fedora
  • FEDORA-2013-14312
  • FEDORA-2013-14355
  • FEDORA-2014-9132
gentoo GLSA-201502-15
hp
  • HPSBUX03087
  • SSRT101413
mandriva MDVSA-2013:207
osvdb 95969
sectrack 1028882
secunia 54519
suse
  • openSUSE-SU-2013:1339
  • openSUSE-SU-2013:1349
ubuntu USN-1966-1
xf samba-cve20134121-dos(86185)
Last major update 06-01-2017 - 21:59
Published 05-08-2013 - 22:56
Last modified 30-10-2018 - 12:27