
Test ID:
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for samba (DLA-1754-1)
Summary: The remote host is missing an update for the 'samba' package(s) announced via the DLA-1754-1 advisory.

Vulnerability Insight:
Various vulnerabilities were discovered in Samba, the SMB/CIFS file, print,
and login server/client for Unix.


smbd in Samba had a denial of service vulnerability (fd_open_atomic
infinite loop with high CPU usage and memory consumption) due to
wrongly handling dangling symlinks.


Samba was vulnerable to a denial of service attack when the RPC
spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to
spoolss RPC calls could have caused the print spooler service to


On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
permissions to modify passwords over LDAP allowing authenticated
users to change any other users' passwords, including administrative
users and privileged service accounts (e.g. Domain Controllers).

Thanks to the Ubuntu security team for having backported the rather
invasive changeset to Samba in Ubuntu 14.04 (which we could use to
patch Samba in Debian jessie LTS).


A flaw was found in the way Samba implemented an RPC endpoint
emulating the Windows registry service API. An unprivileged attacker
could have used this flaw to create a new registry hive file anywhere
they had Unix permissions, which could have led to the creation of a new
file in the Samba share.

Affected Software/OS:
'samba' package(s) on Debian Linux.

For Debian 8 'Jessie', these problems have been fixed in version

We recommend that you upgrade your samba packages.

CVSS Score:

CVSS Vector:

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-9461
BugTraq ID: 99455
RedHat Security Advisories: RHSA-2017:1950
RedHat Security Advisories: RHSA-2017:2338
RedHat Security Advisories: RHSA-2017:2778
Common Vulnerability Exposure (CVE) ID: CVE-2018-1050
BugTraq ID: 103387
Debian Security Information: DSA-4135
RedHat Security Advisories: RHSA-2018:1860
RedHat Security Advisories: RHSA-2018:1883
RedHat Security Advisories: RHSA-2018:2612
RedHat Security Advisories: RHSA-2018:2613
RedHat Security Advisories: RHSA-2018:3056
Common Vulnerability Exposure (CVE) ID: CVE-2018-1057
BugTraq ID: 103382
Common Vulnerability Exposure (CVE) ID: CVE-2019-3880
RedHat Security Advisories: RHSA-2019:1966
RedHat Security Advisories: RHSA-2019:1967
RedHat Security Advisories: RHSA-2019:2099
RedHat Security Advisories: RHSA-2019:3582
SuSE Security Announcement: openSUSE-SU-2019:1180
SuSE Security Announcement: openSUSE-SU-2019:1292
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
