###############################################################################
# OpenVAS Vulnerability Test
#
# RHEL 4 Update for Samba CVE-2010-0547 – DRAFT
# firebits_CVE_2010_0547_samba_RHEL4_all.nasl
#
#
# Authors:
# System Generated Check
# Mauro Risonho de Paula Assumpção aka firebits
# mauro.risonho@gmail.com
# firebitsbr@wald.intevation.org
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
# Copyright (c) 2013 NONAMESEC Security Systems, http://www.nonamesec.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
desc = ”
Vulnerability Insight:
CVE-2010-0547 samba: mount.cifs improper device name and mountpoint
strings sanitization
The MITRE CVE dictionary describes this issue as:
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier
does not verify that the (1) device name and (2) mountpoint strings are
composed of valid characters, which allows local users to cause a
denial of service (mtab corruption) via a crafted string.
Affected Software/OS:
cifs on Red Hat Enterprise Linux version 4 (samba)
Fix: Please Install the Updated Packages.
References:
https://access.redhat.com/security/cve/CVE-2010-0547
http://rpmfind.net/linux/rpm2html/search.php?query=samba”;
if(description)
{
script_id(880323);
script_version(“$Revision: 12798 $”);
script_tag(name:”check_type”, value:”authenticated package test”);
script_tag(name:”last_modification”, value:”$Date: 2013-07-11 18:03:54 GMT-03:00 0 Brazil, São Paulo (Thu, 11 Jul 2013) $”);
script_tag(name:”creation_date”, value:”2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)”);
script_tag(name:”cvss_base”, value:”2.6″);
script_tag(name:”cvss_base_vector”, value:”AV:N/AC:L/Au:N/C:N/I:N/A:P”);
script_tag(name:”risk_factor”, value:”Low”);
script_xref(name: “CVE”, value: “2010-0547”);
script_cve_id(“CVE-2010-0547”);
script_name( “Red Hat Enterprise Linux version 4 Update for samba CVE-2010-0547 RHEL4”);
script_description(desc);
script_summary(“Check for the Version of Samba”);
script_category(ACT_GATHER_INFO);
script_copyright(“Copyright (C) 2009 Greenbone Networks GmbH / Copyright (C) 2013 NoNameSEC Security Systems, Ltd”);
script_family(“RHEL Local Security Checks”);
script_dependencies(“gather-package-list.nasl”);
script_mandatory_keys(“HostDetails/OS/cpe:/o:redhat:redhat”, “login/SSH/success”, “ssh/login/release”);
exit(0);
}
include(“pkg-lib-rpm.inc”);
include(“revisions-lib.inc”);
release = get_kb_item(“ssh/login/release”);
res = “”;
if(release == NULL){
exit(0);
}
if(release == “Nahant”)
{
if ((res = isrpmvuln(pkg:”samba”, rpm:”samba-3.0.33-3.36.el4″, rls:”Nahant”)) != NULL)
{
security_warning(data:res + ‘\n’ + desc);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
VSLA - Virtual Security Labs Anywhere 