Test Kennung:	1.3.6.1.4.1.25623.1.0.64316
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2009-177-01)
Zusammenfassung:	The remote host is missing an update for the 'samba' package(s) announced via the SSA:2009-177-01 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2009-177-01 advisory. Vulnerability Insight: New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/samba-3.2.13-i486-1_slack12.2.tgz: Upgraded. This upgrade fixes the following security issues: o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when 'dos filemode' is set to 'yes'. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1886 1022441 http://www.securitytracker.com/id?1022441 35472 http://www.securityfocus.com/bid/35472 35539 http://secunia.com/advisories/35539 35573 http://secunia.com/advisories/35573 35606 http://secunia.com/advisories/35606 36918 http://secunia.com/advisories/36918 ADV-2009-1664 http://www.vupen.com/english/advisories/2009/1664 DSA-1823 http://www.debian.org/security/2009/dsa-1823 MDVSA-2009:196 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 SSA:2009-177-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591 USN-839-1 http://www.ubuntu.com/usn/USN-839-1 http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch http://www.samba.org/samba/security/CVE-2009-1886.html https://bugzilla.samba.org/show_bug.cgi?id=6478 samba-smbclient-format-string(51328) https://exchange.xforce.ibmcloud.com/vulnerabilities/51328 Common Vulnerability Exposure (CVE) ID: CVE-2009-1888 1022442 http://www.securitytracker.com/id?1022442 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat http://www.securityfocus.com/archive/1/507856/100/0/threaded http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch http://www.samba.org/samba/security/CVE-2009-1888.html oval:org.mitre.oval:def:10790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790 oval:org.mitre.oval:def:7292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292 samba-acl-security-bypass(51327) https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.