Slackware Local Security Checks : Slackware: Security Advisory (SSA:2007-255-02)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.59013

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2007-255-02)

Resumen: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2007-255-02 advisory.

Descripción: Summary:
The remote host is missing an update for the 'samba' package(s) announced via the SSA:2007-255-02 advisory.

Vulnerability Insight:
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0,
and 12.0 to fix a security issue and various other bugs.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[link moved to references]

Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz:
Upgraded to samba-3.0.26a.
This fixes a security issue in all Samba 3.0.25 versions:
'Incorrect primary group assignment for domain users using the rfc2307
or sfu winbind nss info plugin.'
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-4138
1018681
http://www.securitytracker.com/id?1018681
20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default
http://www.securityfocus.com/archive/1/479078/100/0/threaded
25636
http://www.securityfocus.com/bid/25636
26764
http://secunia.com/advisories/26764
26776
http://secunia.com/advisories/26776
26795
http://secunia.com/advisories/26795
26834
http://secunia.com/advisories/26834
3135
http://securityreason.com/securityalert/3135
ADV-2007-3120
http://www.vupen.com/english/advisories/2007/3120
FEDORA-2007-2145
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html
RHSA-2007:1016
http://www.redhat.com/support/errata/RHSA-2007-1016.html
RHSA-2007:1017
http://www.redhat.com/support/errata/RHSA-2007-1017.html
SSA:2007-255-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439
TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://docs.info.apple.com/article.html?artnum=307179
http://www.samba.org/samba/security/CVE-2007-4138.html
https://issues.rpath.com/browse/RPL-1705
oval:org.mitre.oval:def:10375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10375
samba-smb-privilege-escalation(36560)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36560

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.59013
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2007-255-02)
Resumen:	The remote host is missing an update for the 'samba' package(s) announced via the SSA:2007-255-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2007-255-02 advisory. Vulnerability Insight: New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, and 12.0 to fix a security issue and various other bugs. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/samba-3.0.26a-i486-1_slack12.0.tgz: Upgraded to samba-3.0.26a. This fixes a security issue in all Samba 3.0.25 versions: 'Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin.' For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4138 1018681 http://www.securitytracker.com/id?1018681 20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default http://www.securityfocus.com/archive/1/479078/100/0/threaded 25636 http://www.securityfocus.com/bid/25636 26764 http://secunia.com/advisories/26764 26776 http://secunia.com/advisories/26776 26795 http://secunia.com/advisories/26795 26834 http://secunia.com/advisories/26834 3135 http://securityreason.com/securityalert/3135 ADV-2007-3120 http://www.vupen.com/english/advisories/2007/3120 FEDORA-2007-2145 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html RHSA-2007:1016 http://www.redhat.com/support/errata/RHSA-2007-1016.html RHSA-2007:1017 http://www.redhat.com/support/errata/RHSA-2007-1017.html SSA:2007-255-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439 TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://docs.info.apple.com/article.html?artnum=307179 http://www.samba.org/samba/security/CVE-2007-4138.html https://issues.rpath.com/browse/RPL-1705 oval:org.mitre.oval:def:10375 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10375 samba-smb-privilege-escalation(36560) https://exchange.xforce.ibmcloud.com/vulnerabilities/36560
Copyright	Copyright (C) 2012 Greenbone AG