Gain root remotely : Samba Fragment Reassembly Overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11398

Categoría: Gain root remotely

Título: Samba Fragment Reassembly Overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote Samba server, according to its version number,
may be vulnerable to a remote buffer overflow when receiving
specially crafted SMB fragment packets.

An attacker needs to be able to access at least one
share to exploit this flaw.

Solution : upgrade to Samba 2.2.8
Risk factor : High

Referencia Cruzada: BugTraq ID: 7106
BugTraq ID: 7107
Common Vulnerability Exposure (CVE) ID: CVE-2003-0085
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/bid/7106
Bugtraq: 20030317 GLSA: samba (200303-11) (Google Search)
http://marc.info/?l=bugtraq&m=104792646416629&w=2
Bugtraq: 20030317 Security Bugfix for Samba - Samba 2.2.8 Released (Google Search)
http://marc.info/?l=bugtraq&m=104792723017768&w=2
Bugtraq: 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=104801012929374&w=2
Bugtraq: 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL (Google Search)
Bugtraq: 20030401 Immunix Secured OS 7+ samba update (Google Search)
http://www.securityfocus.com/archive/1/317145/30/25220/threaded
CERT/CC vulnerability note: VU#298233
http://www.kb.cert.org/vuls/id/298233
Debian Security Information: DSA-262 (Google Search)
http://www.debian.org/security/2003/dsa-262
http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml
Immunix Linux Advisory: IMNX-2003-7+-003-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552
http://www.redhat.com/support/errata/RHSA-2003-095.html
http://www.redhat.com/support/errata/RHSA-2003-096.html
http://secunia.com/advisories/8299
http://secunia.com/advisories/8303
SGI Security Advisory: 20030302-01-I
ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
SuSE Security Announcement: SuSE-SA:2003:016 (Google Search)
http://www.novell.com/linux/security/advisories/2003_016_samba.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0086
http://www.securityfocus.com/bid/7107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554

Copyright This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11398
Categoría:	Gain root remotely
Título:	Samba Fragment Reassembly Overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote Samba server, according to its version number, may be vulnerable to a remote buffer overflow when receiving specially crafted SMB fragment packets. An attacker needs to be able to access at least one share to exploit this flaw. Solution : upgrade to Samba 2.2.8 Risk factor : High
Referencia Cruzada:	BugTraq ID: 7106 BugTraq ID: 7107 Common Vulnerability Exposure (CVE) ID: CVE-2003-0085 http://www.securityfocus.com/archive/1/316165/30/25370/threaded http://www.securityfocus.com/bid/7106 Bugtraq: 20030317 GLSA: samba (200303-11) (Google Search) http://marc.info/?l=bugtraq&m=104792646416629&w=2 Bugtraq: 20030317 Security Bugfix for Samba - Samba 2.2.8 Released (Google Search) http://marc.info/?l=bugtraq&m=104792723017768&w=2 Bugtraq: 20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=104801012929374&w=2 Bugtraq: 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL (Google Search) Bugtraq: 20030401 Immunix Secured OS 7+ samba update (Google Search) http://www.securityfocus.com/archive/1/317145/30/25220/threaded CERT/CC vulnerability note: VU#298233 http://www.kb.cert.org/vuls/id/298233 Debian Security Information: DSA-262 (Google Search) http://www.debian.org/security/2003/dsa-262 http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml Immunix Linux Advisory: IMNX-2003-7+-003-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552 http://www.redhat.com/support/errata/RHSA-2003-095.html http://www.redhat.com/support/errata/RHSA-2003-096.html http://secunia.com/advisories/8299 http://secunia.com/advisories/8303 SGI Security Advisory: 20030302-01-I ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I SuSE Security Announcement: SuSE-SA:2003:016 (Google Search) http://www.novell.com/linux/security/advisories/2003_016_samba.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0086 http://www.securityfocus.com/bid/7107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554
Copyright	This script is Copyright (C) 2003 Renaud Deraison