Test ID:	1.3.6.1.4.1.25623.1.0.11168
Category:	Gain root remotely
Title:	Samba Unicode Buffer Overflow
Summary:	NOSUMMARY
Description:	Description: The remote Samba server, according to its version number, has a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. Solution : upgrade to Samba 2.2.7 Risk factor : High
Cross-Ref:	BugTraq ID: 6210 Common Vulnerability Exposure (CVE) ID: CVE-1999-0182 Cert/CC Advisory: VB-97.10.samba Computer Incident Advisory Center Bulletin: H-110 http://www.ciac.org/ciac/bulletins/h-110.shtml XForce ISS Database: nt-samba-bo Common Vulnerability Exposure (CVE) ID: CVE-2002-1318 http://www.securityfocus.com/bid/6210 Bugtraq: 20021121 GLSA: samba (Google Search) http://marc.info/?l=bugtraq&m=103801986818076&w=2 Bugtraq: 20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=103859045302448&w=2 CERT/CC vulnerability note: VU#958321 http://www.kb.cert.org/vuls/id/958321 Computer Incident Advisory Center Bulletin: N-019 http://www.ciac.org/ciac/bulletins/n-019.shtml Computer Incident Advisory Center Bulletin: N-023 http://www.ciac.org/ciac/bulletins/n-023.shtml Conectiva Linux advisory: CLA-2002:550 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550 Debian Security Information: DSA-200 (Google Search) http://www.debian.org/security/2002/dsa-200 HPdes Security Advisory: HPSBUX0212-230 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467 http://www.redhat.com/support/errata/RHSA-2002-266.html SGI Security Advisory: 20021204-01-I ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580 SuSE Security Announcement: SuSE-SA:2002:045 (Google Search) http://www.novell.com/linux/security/advisories/2002_045_samba.html XForce ISS Database: samba-password-change-bo(10683) https://exchange.xforce.ibmcloud.com/vulnerabilities/10683
Copyright	This script is Copyright (C) 2002 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.