vuln-list-alt/oval/p11/ALT-PU-2021-3247/definitions.json


2024-12-13 00:07:30 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213247",
"Version": "oval:org.altlinux.errata:def:20213247",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3247: package `samba` update to version 4.14.10-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3247",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3247",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05958",
"RefURL": "https://bdu.fstec.ru/vul/2021-05958",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05993",
"RefURL": "https://bdu.fstec.ru/vul/2021-05993",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06022",
"RefURL": "https://bdu.fstec.ru/vul/2021-06022",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00004",
"RefURL": "https://bdu.fstec.ru/vul/2022-00004",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05701",
"RefURL": "https://bdu.fstec.ru/vul/2022-05701",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05702",
"RefURL": "https://bdu.fstec.ru/vul/2022-05702",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05707",
"RefURL": "https://bdu.fstec.ru/vul/2022-05707",
"Source": "BDU"
},
{
"RefID": "CVE-2016-2124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2124",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25717",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25718",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25718",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25719",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25722",
"Source": "CVE"
},
{
"RefID": "CVE-2021-23192",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23192",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3738",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3738",
"Source": "CVE"
}
],
"Description": "This update upgrades samba to version 4.14.10-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05958: Уязвимость компонента сборки MIT Kerberos Samba AD DC программ сетевого взаимодействия Samba, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2021-05993: Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с возможностью перевода клиентского соединения на аутентификацию с открытым текстом, позволяющая нарушителю выполнить атаку типа «человек посередине»\n\n * BDU:2021-06022: Уязвимость функционала создания учетных записей в домене MachineAccountQuota программ сетевого взаимодействия Samba, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-00004: Уязвимость компонента Active Directory Domain Controller пакета программ для сетевого взаимодействия Samba, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-05701: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05702: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05707: Уязвимость компонентов DCE/RPC пакета программ сетевого взаимодействия Samba, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2016-2124: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n\n * CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users. 
An authenticated attacker could use this flaw to cause possible privilege escalation.\n\n * CVE-2020-25718: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.\n\n * CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.\n\n * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n\n * CVE-2020-25722: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.\n\n * CVE-2021-23192: A flaw was found in the way samba implemented DCE/RPC. If a
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-11-10"
},
"Updated": {
"Date": "2021-11-10"
},
"BDUs": [
{
"ID": "BDU:2021-05958",
"CVSS": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-05958",
"Impact": "High",
"Public": "20211109"
},
{
"ID": "BDU:2021-05993",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2021-05993",
"Impact": "Critical",
"Public": "20161124"
},
{
"ID": "BDU:2021-06022",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-06022",
"Impact": "High",
"Public": "20211109"
},
{
"ID": "BDU:2022-00004",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-00004",
"Impact": "Critical",
"Public": "20200618"
},
{
"ID": "BDU:2022-05701",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://bdu.fstec.ru/vul/2022-05701",
"Impact": "High",
"Public": "20200916"
},
{
"ID": "BDU:2022-05702",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-05702",
"Impact": "High",
"Public": "20201029"
},
{
"ID": "BDU:2022-05707",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2022-05707",
"Impact": "High",
"Public": "20211019"
}
],
"CVEs": [
{
"ID": "CVE-2016-2124",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2124",
"Impact": "Low",
"Public": "20220218"
},
{
"ID": "CVE-2020-25717",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25718",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25718",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25719",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25719",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25721",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Impact": "High",
"Public": "20220316"
},
{
"ID": "CVE-2020-25722",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25722",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2021-23192",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23192",
"Impact": "High",
"Public": "20220302"
},
{
"ID": "CVE-2021-3738",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3738",
"Impact": "High",
"Public": "20220302"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213247001",
"Comment": "admx-samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247002",
"Comment": "libldb-modules-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247003",
"Comment": "libsmbclient is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247004",
"Comment": "libsmbclient-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247005",
"Comment": "libwbclient is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247006",
"Comment": "libwbclient-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247007",
"Comment": "python3-module-samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247008",
"Comment": "python3-module-samba-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247009",
"Comment": "samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247010",
"Comment": "samba-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247011",
"Comment": "samba-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247012",
"Comment": "samba-common-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247013",
"Comment": "samba-common-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247014",
"Comment": "samba-common-tools is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247015",
"Comment": "samba-ctdb is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247016",
"Comment": "samba-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247017",
"Comment": "samba-dc-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247018",
"Comment": "samba-dc-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247019",
"Comment": "samba-dc-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247020",
"Comment": "samba-dc-mitkrb5 is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247021",
"Comment": "samba-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247022",
"Comment": "samba-doc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247023",
"Comment": "samba-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247024",
"Comment": "samba-pidl is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247025",
"Comment": "samba-test is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247026",
"Comment": "samba-util-private-headers is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247027",
"Comment": "samba-vfs-cephfs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247028",
"Comment": "samba-vfs-glusterfs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247029",
"Comment": "samba-vfs-snapper is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247030",
"Comment": "samba-winbind is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247031",
"Comment": "samba-winbind-clients is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247032",
"Comment": "samba-winbind-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247033",
"Comment": "samba-winbind-krb5-localauth is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247034",
"Comment": "samba-winbind-krb5-locator is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247035",
"Comment": "task-samba-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247036",
"Comment": "task-samba-dc-mitkrb5 is earlier than 0:4.14.10-alt1"
}
]
}
]
}
}
]
}