CVE-2021-44142: Vulnerability in Samba (openvas-smb)

GVM versions

gsad: Greenbone Security Assistant 20.08.0
gvmd: Greenbone Vulnerability Manager 20.08.0 / Manager DB revision 233
openvas-scanner: OpenVAS 20.8.0
gvm-libs: gvm-libs 20.8.0

Environment

Operating system: GNU/Linux Ubuntu 20.04
Kernel: 5.4.0-53-generic #59-Ubuntu
Installation method / source: OpenVAS 20.08 on Ubuntu 20.04
Source: https://www.libellux.com/openvas/

Hi Community,

There is a critical vulnerability (CVE-2021-44142, score 9.9) in Samba, and all versions of Samba prior to 4.13.17 are vulnerable.

As we know, the SMB module is included in the openvas-smb package for OpenVAS Scanner.

Would you please help check whether the openvas-smb package is fine, or provide a mitigation plan?

Please refer to Samba - Security Announcement Archive for more details.

Hi @owem777,

Thank you for checking. I asked and was informed that the SMB module is unaffected. It looks like you’re using a retired release of GVM (we’re currently in the 21 series, please see New releases for GVM 20.08 and GVM 21.04), so if you run into any issues we’d recommend upgrading. Thanks!
