Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:035 (samba)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50515

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:035 (samba)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to samba
announced via advisory MDKSA-2004:035.

A vulnerability was discovered in samba where a local user could use
the smbmnt utility, which is shipped suid root, to mount a file share
from a remote server which would contain a setuid program under the
control of the user. By executing this setuid program, the local user
could elevate their privileges on the local system.

The updated packages are patched to prevent this problem. The version
of samba shipped with Mandrakelinux 10.0 does not have this problem.

Affected versions: 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0186

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 9619
Common Vulnerability Exposure (CVE) ID: CVE-2004-0186
http://www.securityfocus.com/bid/9619
Bugtraq: 20040209 Samba 3.x + kernel 2.6.x local root vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=107636290906296&w=2
Bugtraq: 20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=107657505718743&w=2
Debian Security Information: DSA-463 (Google Search)
http://www.debian.org/security/2004/dsa-463
http://www.osvdb.org/3916
XForce ISS Database: samba-smbmnt-gain-privileges(15131)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50515
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:035 (samba)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to samba announced via advisory MDKSA-2004:035. A vulnerability was discovered in samba where a local user could use the smbmnt utility, which is shipped suid root, to mount a file share from a remote server which would contain a setuid program under the control of the user. By executing this setuid program, the local user could elevate their privileges on the local system. The updated packages are patched to prevent this problem. The version of samba shipped with Mandrakelinux 10.0 does not have this problem. Affected versions: 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:035 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0186 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 9619 Common Vulnerability Exposure (CVE) ID: CVE-2004-0186 http://www.securityfocus.com/bid/9619 Bugtraq: 20040209 Samba 3.x + kernel 2.6.x local root vulnerability (Google Search) http://marc.info/?l=bugtraq&m=107636290906296&w=2 Bugtraq: 20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability (Google Search) http://marc.info/?l=bugtraq&m=107657505718743&w=2 Debian Security Information: DSA-463 (Google Search) http://www.debian.org/security/2004/dsa-463 http://www.osvdb.org/3916 XForce ISS Database: samba-smbmnt-gain-privileges(15131) https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com