| Description: | Summary:
The remote host is missing an update for the 'samba' package(s) announced via the SSA:2009-276-01 advisory.
Vulnerability Insight:
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
12.1, 12.2, 13.0, and -current to fix security issues.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[links moved to references]
Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.2.15-i486-1_slack13.0.txz:
This update fixes the following security issues.
A misconfigured /etc/passwd with no defined home directory could allow
security restrictions to be bypassed.
mount.cifs could allow a local user to read the first line of an arbitrary
file if installed setuid. (On Slackware, it was not installed setuid)
Specially crafted SMB requests could cause a denial of service.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
6.0
CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
