FreeBSD Local Security Checks : FreeBSD Ports: samba3

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52392

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: samba3

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: samba3

CVE-2004-0807
Samba 3.0.6 and earlier allows remote attackers to cause a denial of
service (infinite loop and memory exhaustion) via certain malformed
requests that cause new processes to be spawned and enter an infinite
loop.

CVE-2004-0808
The process_logon_packet function in the nmbd server for Samba 3.0.6
and earlier, when domain logons are enabled, allows remote attackers
to cause a denial of service via a SAM_UAS_CHANGE request with a
length value that is larger than the number of structures that are
provided.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0807
Bugtraq: 20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808) (Google Search)
http://marc.info/?l=bugtraq&m=109509335230495&w=2
Bugtraq: 20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=109526231623307&w=2
Conectiva Linux advisory: CLA-2004:873
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml
http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141
http://www.redhat.com/support/errata/RHSA-2004-467.html
SGI Security Advisory: 20041201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
http://www.trustix.net/errata/2004/0046/
Common Vulnerability Exposure (CVE) ID: CVE-2004-0808
http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52392
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: samba3
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: samba3 CVE-2004-0807 Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. CVE-2004-0808 The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0807 Bugtraq: 20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808) (Google Search) http://marc.info/?l=bugtraq&m=109509335230495&w=2 Bugtraq: 20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=109526231623307&w=2 Conectiva Linux advisory: CLA-2004:873 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141 http://www.redhat.com/support/errata/RHSA-2004-467.html SGI Security Advisory: 20041201-01-P ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P http://www.trustix.net/errata/2004/0046/ Common Vulnerability Exposure (CVE) ID: CVE-2004-0808 http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344
Copyright	Copyright (C) 2008 E-Soft Inc.