Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:064

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51083

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:064

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:064.

Samba provides file and printer sharing services to SMB/CIFS clients.

The Samba team discovered an issue that affects version 3.0.0 and 3.0.1 of
Samba. If an account for a user is created, but marked as disabled using
the mksmbpasswd script, it is possible for Samba to overwrite the user's
password with the contents of an uninitialized buffer. This might lead to
a disabled account becoming enabled with a password that could be guessed
by an attacker.

Although this is likely to be a low risk issue for most Samba users, we
have provided updated packages, which contain a backported patch correcting
this issue.

Red Hat would like to thank the Samba team for reporting this issue and
providing us with a patch.

Note: Due to a packaging error in samba-3.0.0-14.3E, the winbind daemon is
not automatically restarted when the Samba package is upgraded. After
up2date has installed the samba-3.0.2-4.3E packages, you must run
/sbin/service winbind condrestart as root to restart the winbind daemon.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-064.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 9637
Common Vulnerability Exposure (CVE) ID: CVE-2004-0082
http://www.securityfocus.com/bid/9637
Computer Incident Advisory Center Bulletin: O-078
http://www.ciac.org/ciac/bulletins/o-078.shtml
http://www.osvdb.org/3919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827
http://www.redhat.com/support/errata/RHSA-2004-064.html
XForce ISS Database: samba-mksmbpasswd-gain-access(15132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15132

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51083
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:064
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:064. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team discovered an issue that affects version 3.0.0 and 3.0.1 of Samba. If an account for a user is created, but marked as disabled using the mksmbpasswd script, it is possible for Samba to overwrite the user's password with the contents of an uninitialized buffer. This might lead to a disabled account becoming enabled with a password that could be guessed by an attacker. Although this is likely to be a low risk issue for most Samba users, we have provided updated packages, which contain a backported patch correcting this issue. Red Hat would like to thank the Samba team for reporting this issue and providing us with a patch. Note: Due to a packaging error in samba-3.0.0-14.3E, the winbind daemon is not automatically restarted when the Samba package is upgraded. After up2date has installed the samba-3.0.2-4.3E packages, you must run /sbin/service winbind condrestart as root to restart the winbind daemon. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-064.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 9637 Common Vulnerability Exposure (CVE) ID: CVE-2004-0082 http://www.securityfocus.com/bid/9637 Computer Incident Advisory Center Bulletin: O-078 http://www.ciac.org/ciac/bulletins/o-078.shtml http://www.osvdb.org/3919 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827 http://www.redhat.com/support/errata/RHSA-2004-064.html XForce ISS Database: samba-mksmbpasswd-gain-access(15132) https://exchange.xforce.ibmcloud.com/vulnerabilities/15132
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com