Slackware Local Security Checks : Slackware: Security Advisory (SSA:2017-144-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.13.2017.144.01

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2017-144-01)

Resumen: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2017-144-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'samba' package(s) announced via the SSA:2017-144-01 advisory.

Vulnerability Insight:
New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded.
This update fixes a remote code execution vulnerability, allowing a
malicious client to upload a shared library to a writable share, and
then cause the server to load and execute it.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'samba' package(s) on Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-7494
1038552
http://www.securitytracker.com/id/1038552
42060
https://www.exploit-db.com/exploits/42060/
42084
https://www.exploit-db.com/exploits/42084/
98636
http://www.securityfocus.com/bid/98636
DSA-3860
http://www.debian.org/security/2017/dsa-3860
GLSA-201805-07
https://security.gentoo.org/glsa/201805-07
RHSA-2017:1270
https://access.redhat.com/errata/RHSA-2017:1270
RHSA-2017:1271
https://access.redhat.com/errata/RHSA-2017:1271
RHSA-2017:1272
https://access.redhat.com/errata/RHSA-2017:1272
RHSA-2017:1273
https://access.redhat.com/errata/RHSA-2017:1273
RHSA-2017:1390
https://access.redhat.com/errata/RHSA-2017:1390
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us
https://security.netapp.com/advisory/ntap-20170524-0001/
https://www.samba.org/samba/security/CVE-2017-7494.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2017.144.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2017-144-01)
Resumen:	The remote host is missing an update for the 'samba' package(s) announced via the SSA:2017-144-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2017-144-01 advisory. Vulnerability Insight: New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded. This update fixes a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'samba' package(s) on Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7494 1038552 http://www.securitytracker.com/id/1038552 42060 https://www.exploit-db.com/exploits/42060/ 42084 https://www.exploit-db.com/exploits/42084/ 98636 http://www.securityfocus.com/bid/98636 DSA-3860 http://www.debian.org/security/2017/dsa-3860 GLSA-201805-07 https://security.gentoo.org/glsa/201805-07 RHSA-2017:1270 https://access.redhat.com/errata/RHSA-2017:1270 RHSA-2017:1271 https://access.redhat.com/errata/RHSA-2017:1271 RHSA-2017:1272 https://access.redhat.com/errata/RHSA-2017:1272 RHSA-2017:1273 https://access.redhat.com/errata/RHSA-2017:1273 RHSA-2017:1390 https://access.redhat.com/errata/RHSA-2017:1390 https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us https://security.netapp.com/advisory/ntap-20170524-0001/ https://www.samba.org/samba/security/CVE-2017-7494.html
Copyright	Copyright (C) 2022 Greenbone AG