OpenVAS: RHEL 4 Update for Samba CVE-2010-0547 – DRAFT

###############################################################################
# OpenVAS Vulnerability Test
#
# RHEL 4 Update for Samba CVE-2010-0547 – DRAFT
# firebits_CVE_2010_0547_samba_RHEL4_all.nasl
#
#
# Authors:
# System Generated Check
# Mauro Risonho de Paula Assumpção aka firebits
# mauro.risonho@gmail.com
# firebitsbr@wald.intevation.org
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
# Copyright (c) 2013 NONAMESEC Security Systems, http://www.nonamesec.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

desc = ”

Vulnerability Insight:

CVE-2010-0547 samba: mount.cifs improper device name and mountpoint
strings sanitization
The MITRE CVE dictionary describes this issue as:

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
does not verify that the (1) device name and (2) mountpoint strings are
composed of valid characters, which allows local users to cause a
denial of service (mtab corruption) via a crafted string.

Affected Software/OS:
cifs on Red Hat Enterprise Linux version 4 (samba)

Fix: Please Install the Updated Packages.

References:
https://access.redhat.com/security/cve/CVE-2010-0547
http://rpmfind.net/linux/rpm2html/search.php?query=samba”;

if(description)
{
script_id(880323);
script_version(“$Revision: 12798 $”);
script_tag(name:”check_type”, value:”authenticated package test”);
script_tag(name:”last_modification”, value:”$Date: 2013-07-11 18:03:54 GMT-03:00 0 Brazil, São Paulo (Thu, 11 Jul 2013) $”);
script_tag(name:”creation_date”, value:”2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)”);
script_tag(name:”cvss_base”, value:”2.6″);
script_tag(name:”cvss_base_vector”, value:”AV:N/AC:L/Au:N/C:N/I:N/A:P”);
script_tag(name:”risk_factor”, value:”Low”);
script_xref(name: “CVE”, value: “2010-0547”);
script_cve_id(“CVE-2010-0547”);
script_name( “Red Hat Enterprise Linux version 4 Update for samba CVE-2010-0547 RHEL4”);

script_description(desc);
script_summary(“Check for the Version of Samba”);
script_category(ACT_GATHER_INFO);
script_copyright(“Copyright (C) 2009 Greenbone Networks GmbH / Copyright (C) 2013 NoNameSEC Security Systems, Ltd”);
script_family(“RHEL Local Security Checks”);
script_dependencies(“gather-package-list.nasl”);
script_mandatory_keys(“HostDetails/OS/cpe:/o:redhat:redhat”, “login/SSH/success”, “ssh/login/release”);
exit(0);
}
include(“pkg-lib-rpm.inc”);
include(“revisions-lib.inc”);

release = get_kb_item(“ssh/login/release”);
res = “”;
if(release == NULL){
exit(0);
}

if(release == “Nahant”)
{

if ((res = isrpmvuln(pkg:”samba”, rpm:”samba-3.0.33-3.36.el4″, rls:”Nahant”)) != NULL)

{
security_warning(data:res + ‘\n’ + desc);
exit(0);
}

if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s