
Test ID: 1.3.6.1.4.1.25623.1.0.51557
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:550
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:550.

Samba is a server that provides SMB services such as file and printer
sharing for other SMB clients, such as Windows(R).

Steve Langasek and Eloy Paris discovered a vulnerability in Samba
versions 2.2.2 to 2.2.6 which may allow a remote attacker to execute
arbitrary code in the server context. The vulnerability, which is a
buffer overflow in a function used to decrypt hashed passwords, can
be exploited by an attacker when authenticating a valid account in
the samba server. In order to successfully run arbitrary code, the
overflow must be crafted such that converting a DOS codepage string
to little endian UCS2 unicode translates into an executable block of
code.

This update also adds other fixes for potential buffer overflows from
samba 2.2.7 that are not part of the standard patch supplied by the
samba authors in their announcement[1]. The samba package distributed
in Conectiva Linux 6.0 (samba-2.0.9) is not vulnerable to the
announced buffer overflow, but it is being upgraded with these
additional fixes.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:550
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.