ID de Prueba:	1.3.6.1.4.1.25623.1.0.871076
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for samba4 RHSA-2013:1543-02
Resumen:	The remote host is missing an update for the 'samba4'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'samba4' package(s) announced via the referenced advisory. Vulnerability Insight: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. This update fixes the following bugs: * When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338) * Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264) All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. Affected Software/OS: samba4 on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4124 Bugtraq: 20130806 [slackware-security] samba (SSA:2013-218-03) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://security.gentoo.org/glsa/glsa-201502-15.xml HPdes Security Advisory: HPSBUX03087 http://marc.info/?l=bugtraq&m=141660010015249&w=2 HPdes Security Advisory: SSRT101413 http://www.mandriva.com/security/advisories?name=MDVSA-2013:207 http://osvdb.org/95969 RedHat Security Advisories: RHSA-2013:1310 http://rhn.redhat.com/errata/RHSA-2013-1310.html RedHat Security Advisories: RHSA-2013:1542 http://rhn.redhat.com/errata/RHSA-2013-1542.html RedHat Security Advisories: RHSA-2013:1543 http://rhn.redhat.com/errata/RHSA-2013-1543.html RedHat Security Advisories: RHSA-2014:0305 http://rhn.redhat.com/errata/RHSA-2014-0305.html http://www.securitytracker.com/id/1028882 http://secunia.com/advisories/54519 SuSE Security Announcement: openSUSE-SU-2013:1339 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html SuSE Security Announcement: openSUSE-SU-2013:1349 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html http://www.ubuntu.com/usn/USN-1966-1 XForce ISS Database: samba-cve20134121-dos(86185) https://exchange.xforce.ibmcloud.com/vulnerabilities/86185
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.