
Test ID: 1.3.6.1.4.1.25623.1.0.54042
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2004:040 (samba)
Summary: SuSE Security Advisory SUSE-SA:2004:040 (samba)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2004:040.

There is a problem in the Samba file sharing service daemon, which
allows a remote user to have the service consume lots of computing
power and potentially crash the service by querying special wildcarded
filenames.

This attack can be successful if the Samba daemon is running and a
remote user has access to a share (even read only).

The Samba team has issued the new Samba version 3.0.8 to fix this
problem; this update backports the relevant patch.

This issue has been assigned the Mitre CVE ID CVE-2004-0930.

Stefan Esser found a problem in the Unicode string handling in the
Samba file handling which could lead to a remote heap buffer
overflow and might allow remote attackers to inject code in the smbd
process.

This issue has been assigned the Mitre CVE ID CVE-2004-0882.

The Samba version 2 packages are not affected by this problem.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2004:040

Risk factor: Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0930
http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false
Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability
http://marc.theaimsgroup.com/?l=bugtraq&m=109993720717957&w=2
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Conectiva Linux advisory: CLA-2004:899
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:131
SCO Security Bulletin: SCOSA-2005.17
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
SGI Security Advisory: 20041201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1
SuSE Security Announcement: SUSE-SA:2004:040
http://www.novell.com/linux/security/advisories/2004_40_samba.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110022719024619&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=110330519803655&w=2
BugTraq ID: 11624
http://www.securityfocus.com/bid/11624
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10936
XForce ISS Database: samba-msfnmatch-dos(17987)
http://xforce.iss.net/xforce/xfdb/17987
Common Vulnerability Exposure (CVE) ID: CVE-2004-0882
Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow
http://marc.theaimsgroup.com/?l=bugtraq&m=110054671403755&w=2
http://security.e-matters.de/advisories/132004.html
Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd
http://marc.theaimsgroup.com/?l=bugtraq&m=110055646329581&w=2
http://www.trustix.net/errata/2004/0058/
Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)
CERT/CC vulnerability note: VU#457622
http://www.kb.cert.org/vuls/id/457622
Computer Incident Advisory Center Bulletin: P-038
http://www.ciac.org/ciac/bulletins/p-038.shtml
http://www.osvdb.org/11782
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9969
http://securitytracker.com/id?1012235
http://secunia.com/advisories/13189
XForce ISS Database: samba-qfilepathinfo-bo(18070)
http://xforce.iss.net/xforce/xfdb/18070
Common Vulnerability Exposure (CVE) ID: CVE-2004-1007
XForce ISS Database: bogofilter-dos(17916)
http://xforce.iss.net/xforce/xfdb/17916
Common Vulnerability Exposure (CVE) ID: CVE-2004-0989
Bugtraq: 20041026 libxml2 remote buffer overflows (not in xml parsing code though)
http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Conectiva Linux advisory: CLA-2004:890
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
Debian Security Information: DSA-582
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
SuSE Security Announcement: SUSE-SR:2005:001
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2
Computer Incident Advisory Center Bulletin: P-029
http://www.ciac.org/ciac/bulletins/p-029.shtml
BugTraq ID: 11526
http://www.securityfocus.com/bid/11526
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10505
http://securitytracker.com/id?1011941
http://secunia.com/advisories/13000
XForce ISS Database: libxml2-xmlnanoftpscanurl-bo(17870)
http://xforce.iss.net/xforce/xfdb/17870
XForce ISS Database: libxml2-xmlnanoftpscanproxy-bo(17875)
http://xforce.iss.net/xforce/xfdb/17875
XForce ISS Database: libxml2-nanoftp-file-bo(17872)
http://xforce.iss.net/xforce/xfdb/17872
XForce ISS Database: libxml2-nanohttp-file-bo(17876)
http://xforce.iss.net/xforce/xfdb/17876
Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599
http://www.debian.org/security/2004/dsa-599
http://marc.theaimsgroup.com/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
SuSE Security Announcement: SUSE-SA:2004:039
http://marc.theaimsgroup.com/?l=bugtraq&m=109880927526773&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=109900116408307&w=2
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9714
XForce ISS Database: xpdf-pdf-bo(17818)
http://xforce.iss.net/xforce/xfdb/17818
Common Vulnerability Exposure (CVE) ID: CVE-2004-0889
XForce ISS Database: xpdf-pdf-file-bo(17819)
http://xforce.iss.net/xforce/xfdb/17819
Common Vulnerability Exposure (CVE) ID: CVE-2004-0891
https://bugzilla.fedora.us/show_bug.cgi?id=2188
http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
http://www.redhat.com/support/errata/RHSA-2004-604.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109900412126643&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11790
XForce ISS Database: gaim-file-transfer-dos(17790)
http://xforce.iss.net/xforce/xfdb/17790
XForce ISS Database: gaim-msn-slp-bo(17786)
http://xforce.iss.net/xforce/xfdb/17786
XForce ISS Database: gaim-msn-slp-dos(17787)
http://xforce.iss.net/xforce/xfdb/17787
Common Vulnerability Exposure (CVE) ID: CVE-2004-0940
Debian Security Information: DSA-594
http://www.debian.org/security/2004/dsa-594
http://www.mandriva.com/security/advisories?name=MDKSA-2004:134
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109906660225051&w=2
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
BugTraq ID: 11471
http://www.securityfocus.com/bid/11471
http://www.vupen.com/english/advisories/2006/0789
http://securitytracker.com/id?1011783
http://secunia.com/advisories/12898/
http://secunia.com/advisories/19073
XForce ISS Database: apache-modinclude-bo(17785)
http://xforce.iss.net/xforce/xfdb/17785
Common Vulnerability Exposure (CVE) ID: CVE-2004-0492
http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html
http://www.guninski.com/modproxy1.html
Bugtraq: 20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)
http://marc.theaimsgroup.com/?l=bugtraq&m=108711172710140&w=2
Debian Security Information: DSA-525
http://www.debian.org/security/2004/dsa-525
https://bugzilla.fedora.us/show_bug.cgi?id=1737
HP Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HP Security Advisory: SSRT090208
http://www.mandriva.com/security/advisories?name=MDKSA-2004:065
RedHat Security Advisories: RHSA-2004:245
http://rhn.redhat.com/errata/RHSA-2004-245.html
SGI Security Advisory: 20040605-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
CERT/CC vulnerability note: VU#541310
http://www.kb.cert.org/vuls/id/541310
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4863
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100112
http://secunia.com/advisories/11841
XForce ISS Database: apache-modproxy-contentlength-bo(16387)
http://xforce.iss.net/xforce/xfdb/16387
Common Vulnerability Exposure (CVE) ID: CVE-2004-0885
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
HP Security Advisory: HPSBUX01123
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123
http://www.redhat.com/support/errata/RHSA-2004-562.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://www.ubuntu.com/usn/usn-177-1
Bugtraq: 20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)
http://marc.theaimsgroup.com/?l=bugtraq&m=109786159119069&w=2
BugTraq ID: 11360
http://www.securityfocus.com/bid/11360
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10384
http://secunia.com/advisories/19072
XForce ISS Database: apache-sslciphersuite-restriction-bypass(17671)
http://xforce.iss.net/xforce/xfdb/17671
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com