Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200411-21 (samba)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54742

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200411-21 (samba)

Resumen: The remote host is missing updates announced in;advisory GLSA 200411-21.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200411-21.

Vulnerability Insight:
Samba is vulnerable to a buffer overflow that could lead to execution of
arbitrary code (CVE-2004-0882). Another flaw in Samba may allow a remote
attacker to cause a Denial of Service by excessive consumption of CPU
cycles (CVE-2004-0930).

Solution:
All Samba users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.8'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0930
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
BugTraq ID: 11624
http://www.securityfocus.com/bid/11624
Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=109993720717957&w=2
Conectiva Linux advisory: CLA-2004:899
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml
http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false
http://www.mandriva.com/security/advisories?name=MDKSA-2004:131
http://marc.info/?l=bugtraq&m=110330519803655&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936
SCO Security Bulletin: SCOSA-2005.17
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
SGI Security Advisory: 20041201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1
SuSE Security Announcement: SUSE-SA:2004:040 (Google Search)
http://www.novell.com/linux/security/advisories/2004_40_samba.html
https://www.ubuntu.com/usn/usn-22-1/
XForce ISS Database: samba-msfnmatch-dos(17987)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17987
Common Vulnerability Exposure (CVE) ID: CVE-2004-0882
Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=110054671403755&w=2
Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd (Google Search)
http://marc.info/?l=bugtraq&m=110055646329581&w=2
Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) (Google Search)
CERT/CC vulnerability note: VU#457622
http://www.kb.cert.org/vuls/id/457622
Computer Incident Advisory Center Bulletin: P-038
http://www.ciac.org/ciac/bulletins/p-038.shtml
http://security.e-matters.de/advisories/132004.html
http://www.osvdb.org/11782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969
http://securitytracker.com/id?1012235
http://secunia.com/advisories/13189
http://www.trustix.net/errata/2004/0058/
XForce ISS Database: samba-qfilepathinfo-bo(18070)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18070

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54742
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200411-21 (samba)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200411-21.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200411-21. Vulnerability Insight: Samba is vulnerable to a buffer overflow that could lead to execution of arbitrary code (CVE-2004-0882). Another flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles (CVE-2004-0930). Solution: All Samba users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.8' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0930 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html BugTraq ID: 11624 http://www.securityfocus.com/bid/11624 Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=109993720717957&w=2 Conectiva Linux advisory: CLA-2004:899 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899 http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false http://www.mandriva.com/security/advisories?name=MDKSA-2004:131 http://marc.info/?l=bugtraq&m=110330519803655&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936 SCO Security Bulletin: SCOSA-2005.17 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt SGI Security Advisory: 20041201-01-P ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1 SuSE Security Announcement: SUSE-SA:2004:040 (Google Search) http://www.novell.com/linux/security/advisories/2004_40_samba.html https://www.ubuntu.com/usn/usn-22-1/ XForce ISS Database: samba-msfnmatch-dos(17987) https://exchange.xforce.ibmcloud.com/vulnerabilities/17987 Common Vulnerability Exposure (CVE) ID: CVE-2004-0882 Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=110054671403755&w=2 Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd (Google Search) http://marc.info/?l=bugtraq&m=110055646329581&w=2 Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) (Google Search) CERT/CC vulnerability note: VU#457622 http://www.kb.cert.org/vuls/id/457622 Computer Incident Advisory Center Bulletin: P-038 http://www.ciac.org/ciac/bulletins/p-038.shtml http://security.e-matters.de/advisories/132004.html http://www.osvdb.org/11782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969 http://securitytracker.com/id?1012235 http://secunia.com/advisories/13189 http://www.trustix.net/errata/2004/0058/ XForce ISS Database: samba-qfilepathinfo-bo(18070) https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
Copyright	Copyright (C) 2008 E-Soft Inc.