Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:090 (samba)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.67370

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Security Advisory MDVSA-2010:090 (samba)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing an update to samba
announced via advisory MDVSA-2010:090.

Multiple vulnerabilies has been found and corrected in samba:

client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify
that the (1) device name and (2) mountpoint strings are composed of
valid characters, which allows local users to cause a denial of service
(mtab corruption) via a crafted string (CVE-2010-0547).

client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users
to mount a CIFS share on an arbitrary mountpoint, and gain privileges,
via a symlink attack on the mountpoint directory file (CVE-2010-0747).

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:090

Risk factor : Medium

CVSS Score:
2.1

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-0547
BugTraq ID: 38326
http://www.securityfocus.com/bid/38326
http://security.gentoo.org/glsa/glsa-201206-29.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:090
http://secunia.com/advisories/39317
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.vupen.com/english/advisories/2010/1062
Common Vulnerability Exposure (CVE) ID: CVE-2010-0747
https://security-tracker.debian.org/tracker/CVE-2010-0747
https://www.debian.org/security/2010/dsa-2015

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.67370
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:090 (samba)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to samba announced via advisory MDVSA-2010:090. Multiple vulnerabilies has been found and corrected in samba: client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string (CVE-2010-0547). client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file (CVE-2010-0747). The updated packages have been patched to correct these issues. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:090 Risk factor : Medium CVSS Score: 2.1
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0547 BugTraq ID: 38326 http://www.securityfocus.com/bid/38326 http://security.gentoo.org/glsa/glsa-201206-29.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:090 http://secunia.com/advisories/39317 SuSE Security Announcement: SUSE-SR:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.vupen.com/english/advisories/2010/1062 Common Vulnerability Exposure (CVE) ID: CVE-2010-0747 https://security-tracker.debian.org/tracker/CVE-2010-0747 https://www.debian.org/security/2010/dsa-2015
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com