pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2021-3247/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

421 lines
20 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213247",
"Version": "oval:org.altlinux.errata:def:20213247",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3247: package `samba` update to version 4.14.10-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3247",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3247",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05958",
"RefURL": "https://bdu.fstec.ru/vul/2021-05958",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05993",
"RefURL": "https://bdu.fstec.ru/vul/2021-05993",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06022",
"RefURL": "https://bdu.fstec.ru/vul/2021-06022",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00004",
"RefURL": "https://bdu.fstec.ru/vul/2022-00004",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05701",
"RefURL": "https://bdu.fstec.ru/vul/2022-05701",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05702",
"RefURL": "https://bdu.fstec.ru/vul/2022-05702",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05707",
"RefURL": "https://bdu.fstec.ru/vul/2022-05707",
"Source": "BDU"
},
{
"RefID": "CVE-2016-2124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2124",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25717",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25718",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25718",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25719",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25719",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Source": "CVE"
},
{
"RefID": "CVE-2020-25722",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-25722",
"Source": "CVE"
},
{
"RefID": "CVE-2021-23192",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-23192",
"Source": "CVE"
},
{
"RefID": "CVE-2021-3738",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3738",
"Source": "CVE"
}
],
"Description": "This update upgrades samba to version 4.14.10-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05958: Уязвимость компонента сборки MIT Kerberos Samba AD DC программ сетевого взаимодействия Samba, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2021-05993: Уязвимость реализации протокола SMB1 пакета программ сетевого взаимодействия Samba, связанная с возможностью перевода клиентского соединения на аутентификацию с открытым текстом, позволяющая нарушителю выполнить атаку типа «человек посередине»\n\n * BDU:2021-06022: Уязвимость функционала создания учетных записей в домене MachineAccountQuota программ сетевого взаимодействия Samba, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2022-00004: Уязвимость компонента Active Directory Domain Controller пакета программ для сетевого взаимодействия Samba, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-05701: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05702: Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-05707: Уязвимость компонентов DCE/RPC пакета программ сетевого взаимодействия Samba, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2016-2124: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n\n * CVE-2020-25717: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.\n\n * CVE-2020-25718: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.\n\n * CVE-2020-25719: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.\n\n * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n\n * CVE-2020-25722: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.\n\n * CVE-2021-23192: A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.\n\n * CVE-2021-3738: In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-11-10"
},
"Updated": {
"Date": "2021-11-10"
},
"BDUs": [
{
"ID": "BDU:2021-05958",
"CVSS": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-05958",
"Impact": "High",
"Public": "20211109"
},
{
"ID": "BDU:2021-05993",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-284",
"Href": "https://bdu.fstec.ru/vul/2021-05993",
"Impact": "Critical",
"Public": "20161124"
},
{
"ID": "BDU:2021-06022",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-06022",
"Impact": "High",
"Public": "20211109"
},
{
"ID": "BDU:2022-00004",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2022-00004",
"Impact": "Critical",
"Public": "20200618"
},
{
"ID": "BDU:2022-05701",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-287",
"Href": "https://bdu.fstec.ru/vul/2022-05701",
"Impact": "High",
"Public": "20200916"
},
{
"ID": "BDU:2022-05702",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-05702",
"Impact": "High",
"Public": "20201029"
},
{
"ID": "BDU:2022-05707",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-74",
"Href": "https://bdu.fstec.ru/vul/2022-05707",
"Impact": "High",
"Public": "20211019"
}
],
"CVEs": [
{
"ID": "CVE-2016-2124",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-287",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2124",
"Impact": "Low",
"Public": "20220218"
},
{
"ID": "CVE-2020-25717",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25718",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25718",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25719",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25719",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2020-25721",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25721",
"Impact": "High",
"Public": "20220316"
},
{
"ID": "CVE-2020-25722",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-25722",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2021-23192",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-23192",
"Impact": "High",
"Public": "20220302"
},
{
"ID": "CVE-2021-3738",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3738",
"Impact": "High",
"Public": "20220302"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213247001",
"Comment": "admx-samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247002",
"Comment": "libldb-modules-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247003",
"Comment": "libsmbclient is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247004",
"Comment": "libsmbclient-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247005",
"Comment": "libwbclient is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247006",
"Comment": "libwbclient-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247007",
"Comment": "python3-module-samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247008",
"Comment": "python3-module-samba-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247009",
"Comment": "samba is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247010",
"Comment": "samba-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247011",
"Comment": "samba-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247012",
"Comment": "samba-common-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247013",
"Comment": "samba-common-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247014",
"Comment": "samba-common-tools is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247015",
"Comment": "samba-ctdb is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247016",
"Comment": "samba-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247017",
"Comment": "samba-dc-client is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247018",
"Comment": "samba-dc-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247019",
"Comment": "samba-dc-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247020",
"Comment": "samba-dc-mitkrb5 is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247021",
"Comment": "samba-devel is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247022",
"Comment": "samba-doc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247023",
"Comment": "samba-libs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247024",
"Comment": "samba-pidl is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247025",
"Comment": "samba-test is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247026",
"Comment": "samba-util-private-headers is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247027",
"Comment": "samba-vfs-cephfs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247028",
"Comment": "samba-vfs-glusterfs is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247029",
"Comment": "samba-vfs-snapper is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247030",
"Comment": "samba-winbind is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247031",
"Comment": "samba-winbind-clients is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247032",
"Comment": "samba-winbind-common is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247033",
"Comment": "samba-winbind-krb5-localauth is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247034",
"Comment": "samba-winbind-krb5-locator is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247035",
"Comment": "task-samba-dc is earlier than 0:4.14.10-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213247036",
"Comment": "task-samba-dc-mitkrb5 is earlier than 0:4.14.10-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink