5 - CVE-2013-4124

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2013-4124	First vendor Publication	2013-08-05
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19319

Oval ID:	oval:org.mitre.oval:def:19319
Title:	USN-1966-1 -- samba vulnerability
Description:	Samba could be made to hang if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1966-1 CVE-2013-4124	Version:	5
Platform(s):	Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04	Product(s):	samba
Definition Synopsis:
Release section Ubuntu 13.04 is installed AND samba DPKG is earlier than 2:3.6.9-1ubuntu1.1 AND Release section Ubuntu 12.10 is installed AND samba DPKG is earlier than 2:3.6.6-3ubuntu5.2 AND Release section Ubuntu 12.04 is installed AND samba DPKG is earlier than 2:3.6.3-2ubuntu2.8 AND Release section Ubuntu 10.04 is installed AND samba DPKG is earlier than 2:3.4.7~dfsg-1ubuntu3.12

Definition Id: oval:org.mitre.oval:def:23548

Oval ID:	oval:org.mitre.oval:def:23548
Title:	RHSA-2014:0305: samba security update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0305-00 CESA-2014:0305 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	13
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	samba
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section samba-swat is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient-devel is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient is earlier than 0:3.0.33-3.40.el5_10 AND samba-client is earlier than 0:3.0.33-3.40.el5_10 AND samba is earlier than 0:3.0.33-3.40.el5_10 AND samba-common is earlier than 0:3.0.33-3.40.el5_10

Definition Id: oval:org.mitre.oval:def:24306

Oval ID:	oval:org.mitre.oval:def:24306
Title:	ELSA-2014:0305: samba security update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0305-00 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	7
Platform(s):	Oracle Linux 5	Product(s):	samba
Definition Synopsis:
Oracle Linux 5.x rpm test samba-swat is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient-devel is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient is earlier than 0:3.0.33-3.40.el5_10 AND samba-client is earlier than 0:3.0.33-3.40.el5_10 AND samba is earlier than 0:3.0.33-3.40.el5_10 AND samba-common is earlier than 0:3.0.33-3.40.el5_10

Definition Id: oval:org.mitre.oval:def:25565

Oval ID:	oval:org.mitre.oval:def:25565
Title:	SUSE-SU-2013:1469-1 -- Security update for Samba
Description:	The Samba server suite received a security update to fix a denial of service problem in integer wrap protection.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1469-1 CVE-2013-4124	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Samba
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed AND ldapsmb RPM is earlier than 0:1.34b-12.33.35.1 AND SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libldb1 RPM is earlier than 0:3.6.3-0.33.35.1 AND libsmbclient0 RPM is earlier than 0:3.6.3-0.33.35.1 AND libtalloc1 RPM is earlier than 0:3.4.3-1.46.2 AND libtalloc2 RPM is earlier than 0:3.6.3-0.33.35.1 AND libtdb1 RPM is earlier than 0:3.6.3-0.33.35.1 AND libtevent0 RPM is earlier than 0:3.6.3-0.33.35.1 AND libwbclient0 RPM is earlier than 0:3.6.3-0.33.35.1 AND samba RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-client RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-krb-printing RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-winbind RPM is earlier than 0:3.6.3-0.33.35.1 AND libsmbclient0-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND libtalloc1-32bit RPM is earlier than 0:3.4.3-1.46.2 AND libtalloc2-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND libtdb1-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND libtevent0-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND libwbclient0-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-client-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-winbind-32bit RPM is earlier than 0:3.6.3-0.33.35.1 AND samba-doc RPM is earlier than 0:3.6.3-0.33.35.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND libldb1-32bit RPM is earlier than 0:3.6.3-0.33.35.1

Definition Id: oval:org.mitre.oval:def:25668

Oval ID:	oval:org.mitre.oval:def:25668
Title:	RHSA-2013-1542: samba security, bug fix and enhancement update (Moderate)
Description:	These updated samba packages include numerous bug fixes and one element.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1542-02 CESA-2013:1542 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	samba
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section samba-client is earlier than 0:3.6.9-164.el6 AND samba-domainjoin-gui is earlier than 0:3.6.9-164.el6 AND samba is earlier than 0:3.6.9-164.el6 AND samba-winbind is earlier than 0:3.6.9-164.el6 AND samba-common is earlier than 0:3.6.9-164.el6 AND samba-doc is earlier than 0:3.6.9-164.el6 AND libsmbclient-devel is earlier than 0:3.6.9-164.el6 AND samba-winbind-clients is earlier than 0:3.6.9-164.el6 AND samba-winbind-devel is earlier than 0:3.6.9-164.el6 AND libsmbclient is earlier than 0:3.6.9-164.el6 AND samba-swat is earlier than 0:3.6.9-164.el6 AND samba-winbind-krb5-locator is earlier than 0:3.6.9-164.el6

Definition Id: oval:org.mitre.oval:def:25773

Oval ID:	oval:org.mitre.oval:def:25773
Title:	SUSE-SU-2013:1468-1 -- Security update for Samba
Description:	The Samba server suite received a security update to fix a denial of service problem in integer wrap protection. (CVE-2013-4124). Additionally, the following stability fixes are included in this update: * Fix libreplace license ambiguity. (bnc#765270) * Document idmap_ad rfc2307 attribute requirements. (bnc#820531) * The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20. (bnc#806501). Security Issue reference: * CVE-2013-4124 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1468-1 CVE-2013-4124	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Samba
Definition Synopsis:
SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed AND ldapsmb RPM is earlier than 0:1.34b-12.42.1 AND SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libldb1 RPM is earlier than 0:3.6.3-0.42.1 AND libsmbclient0 RPM is earlier than 0:3.6.3-0.42.1 AND libtalloc2 RPM is earlier than 0:3.6.3-0.42.1 AND libtdb1 RPM is earlier than 0:3.6.3-0.42.1 AND libtevent0 RPM is earlier than 0:3.6.3-0.42.1 AND libwbclient0 RPM is earlier than 0:3.6.3-0.42.1 AND samba RPM is earlier than 0:3.6.3-0.42.1 AND samba-client RPM is earlier than 0:3.6.3-0.42.1 AND samba-krb-printing RPM is earlier than 0:3.6.3-0.42.1 AND samba-winbind RPM is earlier than 0:3.6.3-0.42.1 AND libsmbclient0-32bit RPM is earlier than 0:3.6.3-0.42.1 AND libtalloc2-32bit RPM is earlier than 0:3.6.3-0.42.1 AND libtdb1-32bit RPM is earlier than 0:3.6.3-0.42.1 AND libtevent0-32bit RPM is earlier than 0:3.6.3-0.42.1 AND libwbclient0-32bit RPM is earlier than 0:3.6.3-0.42.1 AND samba-32bit RPM is earlier than 0:3.6.3-0.42.1 AND samba-client-32bit RPM is earlier than 0:3.6.3-0.42.1 AND samba-winbind-32bit RPM is earlier than 0:3.6.3-0.42.1 AND samba-doc RPM is earlier than 0:3.6.3-0.42.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND libldb1-32bit RPM is earlier than 0:3.6.3-0.42.1

Definition Id: oval:org.mitre.oval:def:26024

Oval ID:	oval:org.mitre.oval:def:26024
Title:	RHSA-2013:1543: samba4 security and bug fix update (Moderate)
Description:	Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1543-02 CESA-2013:1543 CVE-2013-4124	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	samba4
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section samba4-winbind-krb5-locator is earlier than 0:4.0.0-58.el6.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-58.el6.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-58.el6.rc4 AND samba4-pidl is earlier than 0:4.0.0-58.el6.rc4 AND samba4-swat is earlier than 0:4.0.0-58.el6.rc4 AND samba4-libs is earlier than 0:4.0.0-58.el6.rc4 AND samba4-test is earlier than 0:4.0.0-58.el6.rc4 AND samba4-python is earlier than 0:4.0.0-58.el6.rc4 AND samba4-common is earlier than 0:4.0.0-58.el6.rc4 AND samba4-dc is earlier than 0:4.0.0-58.el6.rc4 AND samba4 is earlier than 0:4.0.0-58.el6.rc4 AND samba4-client is earlier than 0:4.0.0-58.el6.rc4 AND samba4-winbind is earlier than 0:4.0.0-58.el6.rc4 AND samba4-devel is earlier than 0:4.0.0-58.el6.rc4

Definition Id: oval:org.mitre.oval:def:26470

Oval ID:	oval:org.mitre.oval:def:26470
Title:	HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
Description:	Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-4124	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.31 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.02.02 AND CIFS-Server.CIFS-ADMIN version is less than A.03.02.02 AND CIFS-Server.CIFS-DOC version is less than A.03.02.02 AND CIFS-Server.CIFS-LIB version is less than A.03.02.02 AND CIFS-Server.CIFS-RUN version is less than A.03.02.02 AND CIFS-Server.CIFS-UTIL version is less than A.03.02.02 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.31 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.02.01 AND CIFS-Server.CIFS-ADMIN version is less than A.03.02.01 AND CIFS-Server.CIFS-DOC version is less than A.03.02.01 AND CIFS-Server.CIFS-LIB version is less than A.03.02.01 AND CIFS-Server.CIFS-RUN version is less than A.03.02.01 AND CIFS-Server.CIFS-UTIL version is less than A.03.02.01 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.31 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.02.00 AND CIFS-Server.CIFS-ADMIN version is less than A.03.02.00 AND CIFS-Server.CIFS-DOC version is less than A.03.02.00 AND CIFS-Server.CIFS-LIB version is less than A.03.02.00 AND CIFS-Server.CIFS-RUN version is less than A.03.02.00 AND CIFS-Server.CIFS-UTIL version is less than A.03.02.00 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.31 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.01.06 AND CIFS-Server.CIFS-ADMIN version is less than A.03.01.06 AND CIFS-Server.CIFS-DOC version is less than A.03.01.06 AND CIFS-Server.CIFS-LIB version is less than A.03.01.06 AND CIFS-Server.CIFS-RUN version is less than A.03.01.06 AND CIFS-CFSM.CFSM-KRN version is less than A.03.01.06 AND CIFS-CFSM.CFSM-RUN version is less than A.03.01.06 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.31 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.01.05 AND CIFS-Server.CIFS-ADMIN version is less than A.03.01.05 AND CIFS-Server.CIFS-DOC version is less than A.03.01.05 AND CIFS-Server.CIFS-LIB version is less than A.03.01.05 AND CIFS-Server.CIFS-RUN version is less than A.03.01.05 AND CIFS-Server.CIFS-UTIL version is less than A.03.01.05 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.23 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.02.02 AND CIFS-Server.CIFS-ADMIN version is less than A.03.02.02 AND CIFS-Server.CIFS-DOC version is less than A.03.02.02 AND CIFS-Server.CIFS-LIB version is less than A.03.02.02 AND CIFS-Server.CIFS-RUN version is less than A.03.02.02 AND CIFS-Server.CIFS-UTIL version is less than A.03.02.02 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.23 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.02.00 AND CIFS-Server.CIFS-ADMIN version is less than A.03.02.00 AND CIFS-Server.CIFS-DOC version is less than A.03.02.00 AND CIFS-Server.CIFS-LIB version is less than A.03.02.00 AND CIFS-Server.CIFS-RUN version is less than A.03.02.00 AND CIFS-Server.CIFS-UTIL version is less than A.03.02.00 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.23 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.01.07 AND CIFS-Server.CIFS-ADMIN version is less than A.03.01.07 AND CIFS-Server.CIFS-DOC version is less than A.03.01.07 AND CIFS-Server.CIFS-LIB version is less than A.03.01.07 AND CIFS-Server.CIFS-RUN version is less than A.03.01.07 AND CIFS-Server.CIFS-UTIL version is less than A.03.01.07 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.23 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.03.01.05 AND CIFS-Server.CIFS-ADMIN version is less than A.03.01.05 AND CIFS-Server.CIFS-DOC version is less than A.03.01.05 AND CIFS-Server.CIFS-LIB version is less than A.03.01.05 AND CIFS-Server.CIFS-RUN version is less than A.03.01.05 AND CIFS-Server.CIFS-UTIL version is less than A.03.01.05 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.11 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.02.04.06 AND CIFS-Server.CIFS-ADMIN version is less than A.02.04.06 AND CIFS-Server.CIFS-DOC version is less than A.02.04.06 AND CIFS-Server.CIFS-LIB version is less than A.02.04.06 AND CIFS-Server.CIFS-RUN version is less than A.02.04.06 AND CIFS-Server.CIFS-UTIL version is less than A.02.04.06 OR Criteria meets HP Security Bulletin HPSBUX03087 HP-UX B.11.11 AND filesets tests CIFS-Development.CIFS-PRG version is less than A.02.03.06 AND CIFS-Server.CIFS-ADMIN version is less than A.02.03.06 AND CIFS-Server.CIFS-DOC version is less than A.02.03.06 AND CIFS-Server.CIFS-LIB version is less than A.02.03.06 AND CIFS-Server.CIFS-RUN version is less than A.02.03.06 AND CIFS-Server.CIFS-UTIL version is less than A.02.03.06

Definition Id: oval:org.mitre.oval:def:26482

Oval ID:	oval:org.mitre.oval:def:26482
Title:	HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code
Description:	Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-4124	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.11 AND filesets test CIFS-Development.CIFS-PRG version is less than A.02.04.07 AND CIFS-Server.CIFS-ADMIN version is less than A.02.04.07 AND CIFS-Server.CIFS-DOC version is less than A.02.04.07 AND CIFS-Server.CIFS-LIB version is less than A.02.04.07 AND CIFS-Server.CIFS-RUN version is less than A.02.04.07 AND CIFS-Server.CIFS-UTIL version is less than A.02.04.07

Definition Id: oval:org.mitre.oval:def:26876

Oval ID:	oval:org.mitre.oval:def:26876
Title:	DEPRECATED: ELSA-2014-0305 -- samba security update (moderate)
Description:	[3.0.33-3.40.el5] - Security Release, fixes CVE-2013-0213 and CVE-2013-4124 - resolves: #1073350
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0305 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	samba
Definition Synopsis:
Oracle Linux 5.x Packages match section samba is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient is earlier than 0:3.0.33-3.40.el5_10 AND libsmbclient-devel is earlier than 0:3.0.33-3.40.el5_10 AND samba-client is earlier than 0:3.0.33-3.40.el5_10 AND samba-common is earlier than 0:3.0.33-3.40.el5_10 AND samba-swat is earlier than 0:3.0.33-3.40.el5_10

Definition Id: oval:org.mitre.oval:def:27199

Oval ID:	oval:org.mitre.oval:def:27199
Title:	RHSA-2013:1310 -- samba3x security and bug fix update (Moderate)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:1310 CESA-2013:1310 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	samba3x
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 AND samba3x-debuginfo is earlier than 0:3.6.6-0.136.el5 AND Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section samba3x-winbind-devel is earlier than 0:3.6.6-0.136.el5 AND samba3x is earlier than 0:3.6.6-0.136.el5 AND samba3x-client is earlier than 0:3.6.6-0.136.el5 AND samba3x-common is earlier than 0:3.6.6-0.136.el5 AND samba3x-doc is earlier than 0:3.6.6-0.136.el5 AND samba3x-domainjoin-gui is earlier than 0:3.6.6-0.136.el5 AND samba3x-swat is earlier than 0:3.6.6-0.136.el5 AND samba3x-winbind is earlier than 0:3.6.6-0.136.el5

Definition Id: oval:org.mitre.oval:def:27234

Oval ID:	oval:org.mitre.oval:def:27234
Title:	ELSA-2013-1542 -- samba security, bug fix, and enhancement update (moderate)
Description:	[3.6.9-164] - resolves: #1008574 - Fix offline logon cache not updating for cross child domain group membership.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1542 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	samba
Definition Synopsis:
Oracle Linux 6.x Packages match section samba is earlier than 0:3.6.9-164.el6 AND libsmbclient is earlier than 0:3.6.9-164.el6 AND libsmbclient-devel is earlier than 0:3.6.9-164.el6 AND samba-client is earlier than 0:3.6.9-164.el6 AND samba-common is earlier than 0:3.6.9-164.el6 AND samba-doc is earlier than 0:3.6.9-164.el6 AND samba-domainjoin-gui is earlier than 0:3.6.9-164.el6 AND samba-swat is earlier than 0:3.6.9-164.el6 AND samba-winbind is earlier than 0:3.6.9-164.el6 AND samba-winbind-clients is earlier than 0:3.6.9-164.el6 AND samba-winbind-devel is earlier than 0:3.6.9-164.el6 AND samba-winbind-krb5-locator is earlier than 0:3.6.9-164.el6

Definition Id: oval:org.mitre.oval:def:27317

Oval ID:	oval:org.mitre.oval:def:27317
Title:	ELSA-2013-1543 -- samba4 security and bug fix update (moderate)
Description:	[4.0.0-58.rc4] - Fix winbind lsat reconnection code, avoids ntlmv2-only session setup problems - resolves: #949993 [4.0.0-57.rc4] - resolves: #984809 - CVE-2013-4124: DoS via integer overflow when reading an EA list [4.0.0-56.rc4] - Fix libwbclient.so.0 symlink. - resolves: #882338 - Fix correct linking of libreplace with cmdline-credentials. - resolves: #911264
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1543 CVE-2013-4124	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	samba4
Definition Synopsis:
Oracle Linux 6.x Packages match section samba4 is earlier than 0:4.0.0-58.el6.rc4 AND samba4-client is earlier than 0:4.0.0-58.el6.rc4 AND samba4-common is earlier than 0:4.0.0-58.el6.rc4 AND samba4-dc is earlier than 0:4.0.0-58.el6.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-58.el6.rc4 AND samba4-devel is earlier than 0:4.0.0-58.el6.rc4 AND samba4-libs is earlier than 0:4.0.0-58.el6.rc4 AND samba4-pidl is earlier than 0:4.0.0-58.el6.rc4 AND samba4-python is earlier than 0:4.0.0-58.el6.rc4 AND samba4-swat is earlier than 0:4.0.0-58.el6.rc4 AND samba4-test is earlier than 0:4.0.0-58.el6.rc4 AND samba4-winbind is earlier than 0:4.0.0-58.el6.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-58.el6.rc4 AND samba4-winbind-krb5-locator is earlier than 0:4.0.0-58.el6.rc4

Definition Id: oval:org.mitre.oval:def:27443

Oval ID:	oval:org.mitre.oval:def:27443
Title:	ELSA-2013-1310 -- samba3x security and bug fix update (moderate)
Description:	[3.6.6-0.136] - resolves: #984807 - CVE-2013-4124: DoS via integer overflow when reading an EA list
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-1310 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124	Version:	3
Platform(s):	Oracle Linux 5	Product(s):	samba3x
Definition Synopsis:
Oracle Linux 5.x Packages match section samba3x is earlier than 0:3.6.6-0.136.el5 AND samba3x-client is earlier than 0:3.6.6-0.136.el5 AND samba3x-common is earlier than 0:3.6.6-0.136.el5 AND samba3x-doc is earlier than 0:3.6.6-0.136.el5 AND samba3x-domainjoin-gui is earlier than 0:3.6.6-0.136.el5 AND samba3x-swat is earlier than 0:3.6.6-0.136.el5 AND samba3x-winbind is earlier than 0:3.6.6-0.136.el5 AND samba3x-winbind-devel is earlier than 0:3.6.6-0.136.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Samba cpe:2.3:a:samba:samba:4.0.7:::::::* cpe:2.3:a:samba:samba:4.0.6:::::::* cpe:2.3:a:samba:samba:4.0.5:::::::* cpe:2.3:a:samba:samba:4.0.4:::::::* cpe:2.3:a:samba:samba:4.0.3:::::::* cpe:2.3:a:samba:samba:4.0.2:::::::* cpe:2.3:a:samba:samba:4.0.1:::::::* cpe:2.3:a:samba:samba:4.0.0:::::::* cpe:2.3:a:samba:samba:3.6.9:::::::* cpe:2.3:a:samba:samba:3.6.8:::::::* cpe:2.3:a:samba:samba:3.6.7:::::::* cpe:2.3:a:samba:samba:3.6.6:::::::* cpe:2.3:a:samba:samba:3.6.5:::::::* cpe:2.3:a:samba:samba:3.6.4:::::::* cpe:2.3:a:samba:samba:3.6.3:::::::* cpe:2.3:a:samba:samba:3.6.2:::::::* cpe:2.3:a:samba:samba:3.6.16:::::::* cpe:2.3:a:samba:samba:3.6.15:::::::* cpe:2.3:a:samba:samba:3.6.14:::::::* cpe:2.3:a:samba:samba:3.6.13:::::::* cpe:2.3:a:samba:samba:3.6.12:::::::* cpe:2.3:a:samba:samba:3.6.11:::::::* cpe:2.3:a:samba:samba:3.6.10:::::::* cpe:2.3:a:samba:samba:3.6.1:::::::* cpe:2.3:a:samba:samba:3.6.0:::::::* cpe:2.3:a:samba:samba:3.5.21:::::::* cpe:2.3:a:samba:samba:3.5.20:::::::* cpe:2.3:a:samba:samba:3.5.2:::::::* cpe:2.3:a:samba:samba:3.5.19:::::::* cpe:2.3:a:samba:samba:3.5.18:::::::* cpe:2.3:a:samba:samba:3.5.17:::::::* cpe:2.3:a:samba:samba:3.5.16:::::::* cpe:2.3:a:samba:samba:3.5.15:::::::* cpe:2.3:a:samba:samba:3.5.14:::::::* cpe:2.3:a:samba:samba:3.5.13:::::::* cpe:2.3:a:samba:samba:3.5.12:::::::* cpe:2.3:a:samba:samba:3.5.11:::::::* cpe:2.3:a:samba:samba:3.5.10:::::::* cpe:2.3:a:samba:samba:3.5.1:::::::* cpe:2.3:a:samba:samba:3.5.0:::::::* cpe:2.3:a:samba:samba:3.4.9:::::::* cpe:2.3:a:samba:samba:3.4.8:::::::* cpe:2.3:a:samba:samba:3.4.7:::::::* cpe:2.3:a:samba:samba:3.4.6:::::::* cpe:2.3:a:samba:samba:3.4.5:::::::* cpe:2.3:a:samba:samba:3.4.4:::::::* cpe:2.3:a:samba:samba:3.4.3:::::::* cpe:2.3:a:samba:samba:3.4.2:::::::* cpe:2.3:a:samba:samba:3.4.17:::::::* cpe:2.3:a:samba:samba:3.4.16:::::::* cpe:2.3:a:samba:samba:3.4.15:::::::* cpe:2.3:a:samba:samba:3.4.14:::::::* cpe:2.3:a:samba:samba:3.4.13:::::::* cpe:2.3:a:samba:samba:3.4.12:::::::* cpe:2.3:a:samba:samba:3.4.11:::::::* cpe:2.3:a:samba:samba:3.4.10:::::::* cpe:2.3:a:samba:samba:3.4.1:::::::* cpe:2.3:a:samba:samba:3.4.0:::::::* cpe:2.3:a:samba:samba:3.3.9:::::::* cpe:2.3:a:samba:samba:3.3.8:::::::* cpe:2.3:a:samba:samba:3.3.7:::::::* cpe:2.3:a:samba:samba:3.3.6:::::::* cpe:2.3:a:samba:samba:3.3.5:::::::* cpe:2.3:a:samba:samba:3.3.4:::::::* cpe:2.3:a:samba:samba:3.3.3:::::::* cpe:2.3:a:samba:samba:3.3.2:::::::* cpe:2.3:a:samba:samba:3.3.16:::::::* cpe:2.3:a:samba:samba:3.3.15:::::::* cpe:2.3:a:samba:samba:3.3.14:::::::* cpe:2.3:a:samba:samba:3.3.13:::::::* cpe:2.3:a:samba:samba:3.3.12:::::::* cpe:2.3:a:samba:samba:3.3.11:::::::* cpe:2.3:a:samba:samba:3.3.10:::::::* cpe:2.3:a:samba:samba:3.3.1:::::::* cpe:2.3:a:samba:samba:3.3.0:::::::* cpe:2.3:a:samba:samba:3.2.9:::::::* cpe:2.3:a:samba:samba:3.2.8:::::::* cpe:2.3:a:samba:samba:3.2.7:::::::* cpe:2.3:a:samba:samba:3.2.6:::::::* cpe:2.3:a:samba:samba:3.2.5:::::::* cpe:2.3:a:samba:samba:3.2.4:::::::* cpe:2.3:a:samba:samba:3.2.3:::::::* cpe:2.3:a:samba:samba:3.2.2:::::::* cpe:2.3:a:samba:samba:3.2.15:::::::* cpe:2.3:a:samba:samba:3.2.14:::::::* cpe:2.3:a:samba:samba:3.2.13:::::::* cpe:2.3:a:samba:samba:3.2.12:::::::* cpe:2.3:a:samba:samba:3.2.11:::::::* cpe:2.3:a:samba:samba:3.2.10:::::::* cpe:2.3:a:samba:samba:3.2.1:::::::* cpe:2.3:a:samba:samba:3.2.0:::::::* cpe:2.3:a:samba:samba:3.1.0:::::::* cpe:2.3:a:samba:samba:3.0.9:::::::* cpe:2.3:a:samba:samba:3.0.8:::::::* cpe:2.3:a:samba:samba:3.0.7:::::::* cpe:2.3:a:samba:samba:3.0.6:::::::* cpe:2.3:a:samba:samba:3.0.5:::::::* cpe:2.3:a:samba:samba:3.0.4:rc1:::::: cpe:2.3:a:samba:samba:3.0.4:-:::::: cpe:2.3:a:samba:samba:3.0.37:::::::* cpe:2.3:a:samba:samba:3.0.36:::::::* cpe:2.3:a:samba:samba:3.0.35:::::::* cpe:2.3:a:samba:samba:3.0.34:::::::* cpe:2.3:a:samba:samba:3.0.33:::::::* cpe:2.3:a:samba:samba:3.0.32:::::::* cpe:2.3:a:samba:samba:3.0.31:::::::* cpe:2.3:a:samba:samba:3.0.30:::::::* cpe:2.3:a:samba:samba:3.0.3:::::::* cpe:2.3:a:samba:samba:3.0.2a:::::::* cpe:2.3:a:samba:samba:3.0.29:::::::* cpe:2.3:a:samba:samba:3.0.28:-:::::: cpe:2.3:a:samba:samba:3.0.28:a:::::: cpe:2.3:a:samba:samba:3.0.27:-:::::: cpe:2.3:a:samba:samba:3.0.27:a:::::: cpe:2.3:a:samba:samba:3.0.26a:::::::* cpe:2.3:a:samba:samba:3.0.26:a:::::: cpe:2.3:a:samba:samba:3.0.26:-:::::: cpe:2.3:a:samba:samba:3.0.25c:::::::* cpe:2.3:a:samba:samba:3.0.25b:::::::* cpe:2.3:a:samba:samba:3.0.25a:::::::* cpe:2.3:a:samba:samba:3.0.25:rc2:::::: cpe:2.3:a:samba:samba:3.0.25:rc3:::::: cpe:2.3:a:samba:samba:3.0.25:pre1:::::: cpe:2.3:a:samba:samba:3.0.25:rc1:::::: cpe:2.3:a:samba:samba:3.0.25:-:::::: cpe:2.3:a:samba:samba:3.0.25:a:::::: cpe:2.3:a:samba:samba:3.0.25:pre2:::::: cpe:2.3:a:samba:samba:3.0.25:c:::::: cpe:2.3:a:samba:samba:3.0.25:b:::::: cpe:2.3:a:samba:samba:3.0.24:::::::* cpe:2.3:a:samba:samba:3.0.23d:::::::* cpe:2.3:a:samba:samba:3.0.23c:::::::* cpe:2.3:a:samba:samba:3.0.23b:::::::* cpe:2.3:a:samba:samba:3.0.23a:::::::* cpe:2.3:a:samba:samba:3.0.23:-:::::: cpe:2.3:a:samba:samba:3.0.23:a:::::: cpe:2.3:a:samba:samba:3.0.23:d:::::: cpe:2.3:a:samba:samba:3.0.23:c:::::: cpe:2.3:a:samba:samba:3.0.23:b:::::: cpe:2.3:a:samba:samba:3.0.22:::::::* cpe:2.3:a:samba:samba:3.0.21c:::::::* cpe:2.3:a:samba:samba:3.0.21b:::::::* cpe:2.3:a:samba:samba:3.0.21a:::::::* cpe:2.3:a:samba:samba:3.0.21:-:::::: cpe:2.3:a:samba:samba:3.0.21:a:::::: cpe:2.3:a:samba:samba:3.0.21:c:::::: cpe:2.3:a:samba:samba:3.0.21:b:::::: cpe:2.3:a:samba:samba:3.0.20b:::::::* cpe:2.3:a:samba:samba:3.0.20a:::::::* cpe:2.3:a:samba:samba:3.0.20:b:::::: cpe:2.3:a:samba:samba:3.0.20:-:::::: cpe:2.3:a:samba:samba:3.0.20:a:::::: cpe:2.3:a:samba:samba:3.0.2:a:::::: cpe:2.3:a:samba:samba:3.0.2:-:::::: cpe:2.3:a:samba:samba:3.0.19:::::::* cpe:2.3:a:samba:samba:3.0.18:::::::* cpe:2.3:a:samba:samba:3.0.17:::::::* cpe:2.3:a:samba:samba:3.0.16:::::::* cpe:2.3:a:samba:samba:3.0.15:::::::* cpe:2.3:a:samba:samba:3.0.14a:::::::* cpe:2.3:a:samba:samba:3.0.14:-:::::: cpe:2.3:a:samba:samba:3.0.14:a:::::: cpe:2.3:a:samba:samba:3.0.13:::::::* cpe:2.3:a:samba:samba:3.0.12:::::::* cpe:2.3:a:samba:samba:3.0.11:::::::* cpe:2.3:a:samba:samba:3.0.10:::::::* cpe:2.3:a:samba:samba:3.0.1:::::::* cpe:2.3:a:samba:samba:3.0.0:::::::*	168
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::	4
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:19:::::::* cpe:2.3:o:fedoraproject:fedora:18:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:12.3:::::::* cpe:2.3:o:opensuse:opensuse:12.2:::::::*	2
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:5:::::::*	1

ExploitDB Exploits

id	Description
2013-08-22	Samba nttrans Reply - Integer Overflow Vulnerability

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-08-08	IAVM : 2013-B-0082 - Samba Denial of Service Vulnerability Severity : Category I - VMSKEY : V0039910

Nessus® Vulnerability Scanner

Date	Description
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0723-1.nasl - Type : ACT_GATHER_INFO
2015-02-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-15.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_samba_20140102.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-9132.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-651.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-644.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140317_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_samba_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-11-27	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-10-11	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130930_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-09	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-10-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-09-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1966-1.nasl - Type : ACT_GATHER_INFO
2013-09-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-130806.nasl - Type : ACT_GATHER_INFO
2013-09-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_cifs-mount-130807.nasl - Type : ACT_GATHER_INFO
2013-08-15	Name : The remote Fedora host is missing a security update. File : fedora_2013-14355.nasl - Type : ACT_GATHER_INFO
2013-08-10	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e21c7c7a011611e39e833c970e169bc2.nasl - Type : ACT_GATHER_INFO
2013-08-10	Name : The remote Fedora host is missing a security update. File : fedora_2013-14312.nasl - Type : ACT_GATHER_INFO
2013-08-08	Name : The remote Samba server is affected by a denial of service vulnerability. File : samba_4_0_8.nasl - Type : ACT_GATHER_INFO
2013-08-07	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-218-03.nasl - Type : ACT_GATHER_INFO
2013-08-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-207.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591....
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011....
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864....
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://osvdb.org/95969
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2013-1543.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://secunia.com/advisories/54519
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/security/CVE-2013-4124
http://www.securitytracker.com/id/1028882
http://www.ubuntu.com/usn/USN-1966-1
https://bugzilla.redhat.com/show_bug.cgi?id=984401
https://exchange.xforce.ibmcloud.com/vulnerabilities/86185

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:36:08	Multiple Updates
2024-08-02 12:24:43	Multiple Updates
2024-08-02 01:07:23	Multiple Updates
2024-02-02 01:24:00	Multiple Updates
2024-02-01 12:07:09	Multiple Updates
2023-09-05 12:22:41	Multiple Updates
2023-09-05 01:07:03	Multiple Updates
2023-09-02 12:22:43	Multiple Updates
2023-09-02 01:07:08	Multiple Updates
2023-08-22 12:20:27	Multiple Updates
2022-10-11 01:06:49	Multiple Updates
2021-05-04 12:27:06	Multiple Updates
2021-04-22 01:32:48	Multiple Updates
2020-05-23 13:17:03	Multiple Updates
2020-05-23 00:37:52	Multiple Updates
2018-10-31 00:20:32	Multiple Updates
2018-01-26 12:04:58	Multiple Updates
2017-08-29 09:24:18	Multiple Updates
2017-01-11 13:25:28	Multiple Updates
2017-01-07 09:25:12	Multiple Updates
2016-08-23 09:24:48	Multiple Updates
2016-06-28 19:38:22	Multiple Updates
2016-04-26 23:30:22	Multiple Updates
2016-03-08 00:24:38	Multiple Updates
2016-03-07 21:24:12	Multiple Updates
2015-05-21 13:30:45	Multiple Updates
2015-03-06 21:24:19	Multiple Updates
2015-03-05 17:22:26	Multiple Updates
2015-03-05 09:22:46	Multiple Updates
2015-03-03 09:23:02	Multiple Updates
2015-02-27 13:24:21	Multiple Updates
2015-01-21 13:26:18	Multiple Updates
2014-11-13 13:26:52	Multiple Updates
2014-06-14 13:35:59	Multiple Updates
2014-03-26 13:22:37	Multiple Updates
2014-03-19 13:21:27	Multiple Updates
2014-02-17 11:21:44	Multiple Updates
2014-01-04 13:19:31	Multiple Updates
2013-12-08 13:19:29	Multiple Updates
2013-11-11 12:40:43	Multiple Updates
2013-10-25 21:20:03	Multiple Updates
2013-10-23 21:19:58	Multiple Updates
2013-10-11 13:27:02	Multiple Updates
2013-10-02 17:19:28	Multiple Updates
2013-09-12 13:20:45	Multiple Updates
2013-09-09 21:21:28	Multiple Updates
2013-09-08 00:19:29	Multiple Updates
2013-08-22 17:20:44	Multiple Updates
2013-08-07 21:20:21	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	14
CPE ID(s)	177
Sources(s)	25
ExploitDB Exploit(s)	1
IAVM(s)	1
Nessus® Exploit(s)	31

	Related
10	GLSA-201502-15
8.3	HPSBUX03087 SSR...
5.1	RHSA-2014:0305
5.1	RHSA-2013:1542
5.1	RHSA-2013:1310
5	USN-1966-1
5	RHSA-2013:1543
5	MDVSA-2013:207
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)