Gain root remotely : Samba trans2open buffer overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11523

Categoría: Gain root remotely

Título: Samba trans2open buffer overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote Samba server is vulnerable to a buffer overflow
when it processes the function trans2open().

An attacker may exploit this flaw to gain a root shell on
this host.

Solution : upgrade to Samba 2.2.8a or 3.0.0
Risk factor : High

Referencia Cruzada: BugTraq ID: 7294
BugTraq ID: 7295
Common Vulnerability Exposure (CVE) ID: CVE-2003-0201
http://www.securityfocus.com/bid/7294
Bugtraq: 20030407 Immunix Secured OS 7+ samba update (Google Search)
http://marc.info/?l=bugtraq&m=104974612519064&w=2
Bugtraq: 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise (Google Search)
http://marc.info/?l=bugtraq&m=104972664226781&w=2
Bugtraq: 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08 (Google Search)
http://marc.info/?l=bugtraq&m=104981682014565&w=2
Bugtraq: 20030409 GLSA: samba (200304-02) (Google Search)
http://marc.info/?l=bugtraq&m=104994564212488&w=2
CERT/CC vulnerability note: VU#267873
http://www.kb.cert.org/vuls/id/267873
Conectiva Linux advisory: CLA-2003:624
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
Debian Security Information: DSA-280 (Google Search)
http://www.debian.org/security/2003/dsa-280
http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567
http://www.redhat.com/support/errata/RHSA-2003-137.html
SGI Security Advisory: 20030403-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
SuSE Security Announcement: SuSE-SA:2003:025 (Google Search)
http://www.novell.com/linux/security/advisories/2003_025_samba.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0196
Bugtraq: 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=104973186901597&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564

Copyright This script is Copyright (C) 2003 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11523
Categoría:	Gain root remotely
Título:	Samba trans2open buffer overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote Samba server is vulnerable to a buffer overflow when it processes the function trans2open(). An attacker may exploit this flaw to gain a root shell on this host. Solution : upgrade to Samba 2.2.8a or 3.0.0 Risk factor : High
Referencia Cruzada:	BugTraq ID: 7294 BugTraq ID: 7295 Common Vulnerability Exposure (CVE) ID: CVE-2003-0201 http://www.securityfocus.com/bid/7294 Bugtraq: 20030407 Immunix Secured OS 7+ samba update (Google Search) http://marc.info/?l=bugtraq&m=104974612519064&w=2 Bugtraq: 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise (Google Search) http://marc.info/?l=bugtraq&m=104972664226781&w=2 Bugtraq: 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08 (Google Search) http://marc.info/?l=bugtraq&m=104981682014565&w=2 Bugtraq: 20030409 GLSA: samba (200304-02) (Google Search) http://marc.info/?l=bugtraq&m=104994564212488&w=2 CERT/CC vulnerability note: VU#267873 http://www.kb.cert.org/vuls/id/267873 Conectiva Linux advisory: CLA-2003:624 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624 Debian Security Information: DSA-280 (Google Search) http://www.debian.org/security/2003/dsa-280 http://www.mandriva.com/security/advisories?name=MDKSA-2003:044 http://www.digitaldefense.net/labs/advisories/DDI-1013.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567 http://www.redhat.com/support/errata/RHSA-2003-137.html SGI Security Advisory: 20030403-01-P ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P SuSE Security Announcement: SuSE-SA:2003:025 (Google Search) http://www.novell.com/linux/security/advisories/2003_025_samba.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0196 Bugtraq: 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=104973186901597&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564
Copyright	This script is Copyright (C) 2003 Renaud Deraison