Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0397
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0397)
Zusammenfassung:	The remote host is missing an update for the 'ldb, samba' package(s) announced via the MGASA-2019-0397 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ldb, samba' package(s) announced via the MGASA-2019-0397 advisory. Vulnerability Insight: Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code (CVE-2019-10218). When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string (CVE-2019-14833). Users with the 'get changes' extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax (CVE-2019-14847). An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name (CVE-2019-14861). The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC (CVE-2019-14870). Affected Software/OS: 'ldb, samba' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10218 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/ https://www.samba.org/samba/security/CVE-2019-10218.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14833 https://www.samba.org/samba/security/CVE-2019-14833.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14847 https://www.samba.org/samba/security/CVE-2019-14847.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14861 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861 https://security.netapp.com/advisory/ntap-20191210-0002/ https://www.samba.org/samba/security/CVE-2019-14861.html https://www.synology.com/security/advisory/Synology_SA_19_40 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/ https://security.gentoo.org/glsa/202003-52 http://www.openwall.com/lists/oss-security/2024/06/24/3 SuSE Security Announcement: openSUSE-SU-2019:2700 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html https://usn.ubuntu.com/4217-1/ https://usn.ubuntu.com/4217-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-14870 https://security.gentoo.org/glsa/202310-06 https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.