ID de Prueba:	1.3.6.1.4.1.25623.1.0.51557
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:550
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:550. Samba is a server that provides SMB services such as file and printer sharing for other SMB clients, such as Windows(R). Steve Langasek and Eloy Paris discovered a vulnerability in Samba versions 2.2.2 to 2.2.6 which may allow a remote attacker to execute arbitrary code in the server context. The vulnerability, which is a buffer overflow in a function used to decrypt hashed passwords, can be exploited by an attacker when authenticating a valid account in the samba server. In order to sucessfully run arbitrary code, the overflow must be crafted such that converting a DOS codepage string to little endian UCS2 unicode translates into an executable block of code. This update also adds other fixes for potential buffer overflows from samba 2.2.7 that are not part of the standard patch supplied by the samba authors in their announcement[1]. The samba package distributed in Conectiva Linux 6.0 (samba-2.0.9) is not vulnerable to the announced buffer overflow, but it is being upgraded with these aditional fixes. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://us1.samba.org/samba/whatsnew/samba-2.2.7.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:550 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.