Test ID:	1.3.6.1.4.1.25623.1.0.51408
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:624
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:624. Samba provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows(TM). The Digital Defense team found[1] a stack overflow vulnerability in the samba SMB protocol implementation. A remote attacker can exploit this vulnerability to gain root access to a system running a samba server. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-0201 to this issue[2]. Please note this is not a re-edition of the previous samba security update[3]. This vulnerability was independently discovered some days later. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.digitaldefense.net/labs/advisories/DDI-1013.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000615&idioma=en http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:624 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	BugTraq ID: 7294 Common Vulnerability Exposure (CVE) ID: CVE-2003-0201 http://www.securityfocus.com/bid/7294 Bugtraq: 20030407 Immunix Secured OS 7+ samba update (Google Search) http://marc.info/?l=bugtraq&m=104974612519064&w=2 Bugtraq: 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise (Google Search) http://marc.info/?l=bugtraq&m=104972664226781&w=2 Bugtraq: 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08 (Google Search) http://marc.info/?l=bugtraq&m=104981682014565&w=2 Bugtraq: 20030409 GLSA: samba (200304-02) (Google Search) http://marc.info/?l=bugtraq&m=104994564212488&w=2 CERT/CC vulnerability note: VU#267873 http://www.kb.cert.org/vuls/id/267873 Conectiva Linux advisory: CLA-2003:624 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624 Debian Security Information: DSA-280 (Google Search) http://www.debian.org/security/2003/dsa-280 http://www.mandriva.com/security/advisories?name=MDKSA-2003:044 http://www.digitaldefense.net/labs/advisories/DDI-1013.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567 http://www.redhat.com/support/errata/RHSA-2003-137.html SGI Security Advisory: 20030403-01-P ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P SuSE Security Announcement: SuSE-SA:2003:025 (Google Search) http://www.novell.com/linux/security/advisories/2003_025_samba.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.