Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1528

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66118

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:1528

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:1528.;;Samba is a suite of programs used by machines to share files, printers, and;other information.;;A denial of service flaw was found in the Samba smbd daemon. An;authenticated, remote user could send a specially-crafted response that;would cause an smbd child process to enter an infinite loop. An;authenticated, remote user could use this flaw to exhaust system resources;by opening multiple CIFS sessions. (CVE-2009-2906);;This update also fixes the following bug:;; * the RHSA-2007:0354 update added code to escape input passed to scripts;that are run by Samba. This code was missing c from the list of valid;characters, causing it to be escaped. With this update, the previous patch;has been updated to include c in the list of valid characters.;(BZ#242754);;Users of Samba should upgrade to these updated packages, which contain a;backported patch to correct this issue. After installing this update,;the smb service will be restarted automatically.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1528.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system resources
by opening multiple CIFS sessions. (CVE-2009-2906)

This update also fixes the following bug:

* the RHSA-2007:0354 update added code to escape input passed to scripts
that are run by Samba. This code was missing c from the list of valid
characters, causing it to be escaped. With this update, the previous patch
has been updated to include c in the list of valid characters.
(BZ#242754)

Users of Samba should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update,
the smb service will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2906
1021111
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
1022976
http://www.securitytracker.com/id?1022976
20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat
http://www.securityfocus.com/archive/1/507856/100/0/threaded
36573
http://www.securityfocus.com/bid/36573
36893
http://secunia.com/advisories/36893
36918
http://secunia.com/advisories/36918
36937
http://secunia.com/advisories/36937
36953
http://secunia.com/advisories/36953
37428
http://secunia.com/advisories/37428
58519
http://osvdb.org/58519
ADV-2009-2810
http://www.vupen.com/english/advisories/2009/2810
APPLE-SA-2010-03-29-1
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
FEDORA-2009-10172
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
FEDORA-2009-10180
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
SSA:2009-276-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
USN-839-1
http://www.ubuntu.com/usn/USN-839-1
http://news.samba.org/releases/3.0.37/
http://news.samba.org/releases/3.2.15/
http://news.samba.org/releases/3.3.8/
http://news.samba.org/releases/3.4.2/
http://samba.org/samba/security/CVE-2009-2906.html
http://support.apple.com/kb/HT4077
http://wiki.rpath.com/Advisories:rPSA-2009-0145
oval:org.mitre.oval:def:7090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090
oval:org.mitre.oval:def:9944
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944
samba-smb-dos(53575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53575

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66118
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1528
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1528.;;Samba is a suite of programs used by machines to share files, printers, and;other information.;;A denial of service flaw was found in the Samba smbd daemon. An;authenticated, remote user could send a specially-crafted response that;would cause an smbd child process to enter an infinite loop. An;authenticated, remote user could use this flaw to exhaust system resources;by opening multiple CIFS sessions. (CVE-2009-2906);;This update also fixes the following bug:;; * the RHSA-2007:0354 update added code to escape input passed to scripts;that are run by Samba. This code was missing c from the list of valid;characters, causing it to be escaped. With this update, the previous patch;has been updated to include c in the list of valid characters.;(BZ#242754);;Users of Samba should upgrade to these updated packages, which contain a;backported patch to correct this issue. After installing this update,;the smb service will be restarted automatically.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1528. Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authenticated, remote user could use this flaw to exhaust system resources by opening multiple CIFS sessions. (CVE-2009-2906) This update also fixes the following bug: * the RHSA-2007:0354 update added code to escape input passed to scripts that are run by Samba. This code was missing c from the list of valid characters, causing it to be escaped. With this update, the previous patch has been updated to include c in the list of valid characters. (BZ#242754) Users of Samba should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2906 1021111 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1 1022976 http://www.securitytracker.com/id?1022976 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat http://www.securityfocus.com/archive/1/507856/100/0/threaded 36573 http://www.securityfocus.com/bid/36573 36893 http://secunia.com/advisories/36893 36918 http://secunia.com/advisories/36918 36937 http://secunia.com/advisories/36937 36953 http://secunia.com/advisories/36953 37428 http://secunia.com/advisories/37428 58519 http://osvdb.org/58519 ADV-2009-2810 http://www.vupen.com/english/advisories/2009/2810 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html FEDORA-2009-10172 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html FEDORA-2009-10180 https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html SSA:2009-276-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439 SUSE-SR:2009:017 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html USN-839-1 http://www.ubuntu.com/usn/USN-839-1 http://news.samba.org/releases/3.0.37/ http://news.samba.org/releases/3.2.15/ http://news.samba.org/releases/3.3.8/ http://news.samba.org/releases/3.4.2/ http://samba.org/samba/security/CVE-2009-2906.html http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2009-0145 oval:org.mitre.oval:def:7090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090 oval:org.mitre.oval:def:9944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944 samba-smb-dos(53575) https://exchange.xforce.ibmcloud.com/vulnerabilities/53575
Copyright	Copyright (C) 2009 E-Soft Inc.