 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2022.0054 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2022-0054) |
| Resumen: | The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2022-0054 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'samba' package(s) announced via the MGASA-2022-0054 advisory. Vulnerability Insight: For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. For CVE-2021-44142, All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. For CVE-2022-0336, The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'samba' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-20316 https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2021-20316 https://bugzilla.redhat.com/show_bug.cgi?id=2009673 https://bugzilla.samba.org/show_bug.cgi?id=14842 https://security-tracker.debian.org/tracker/CVE-2021-20316 https://www.samba.org/samba/security/CVE-2021-20316.html Common Vulnerability Exposure (CVE) ID: CVE-2021-44141 https://www.samba.org/samba/security/CVE-2021-44141.html Common Vulnerability Exposure (CVE) ID: CVE-2021-44142 CERT/CC vulnerability note: https://kb.cert.org/vuls/id/119678 https://kb.cert.org/vuls/id/119678 https://bugzilla.samba.org/show_bug.cgi?id=14914 https://www.samba.org/samba/security/CVE-2021-44142.html https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin Common Vulnerability Exposure (CVE) ID: CVE-2022-0336 https://access.redhat.com/security/cve/CVE-2022-0336 https://bugzilla.redhat.com/show_bug.cgi?id=2046134 https://bugzilla.samba.org/show_bug.cgi?id=14950 https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400 https://www.samba.org/samba/security/CVE-2022-0336.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |