
Test ID: 1.3.6.1.4.1.25623.1.0.50939
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2003:138
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2003:138.

Samba is a suite of utilities which provides file and printer sharing
services to SMB/CIFS clients.

A security vulnerability has been found in versions of Samba up to and
including 2.2.8. An anonymous user could exploit the vulnerability to
gain root access on the target machine. Note that this is a different
vulnerability than the one fixed by RHSA-2003:096.

An exploit for this vulnerability is publicly available.

All users of Samba are advised to update to the packages listed in this
erratum, which contain a backported patch correcting this vulnerability.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-138.html
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt

Risk factor : Critical

CVSS Score: 10.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2003-0196
Bugtraq: 20030407 Immunix Secured OS 7+ samba update
http://marc.info/?l=bugtraq&m=104974612519064&w=2
Bugtraq: 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
http://marc.info/?l=bugtraq&m=104973186901597&w=2
Debian Security Information: DSA-280
http://www.debian.org/security/2003/dsa-280
http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564
http://www.redhat.com/support/errata/RHSA-2003-137.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0201
BugTraq ID: 7294
http://www.securityfocus.com/bid/7294
Bugtraq: 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise
http://marc.info/?l=bugtraq&m=104972664226781&w=2
Bugtraq: 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08
http://marc.info/?l=bugtraq&m=104981682014565&w=2
Bugtraq: 20030409 GLSA: samba (200304-02)
http://marc.info/?l=bugtraq&m=104994564212488&w=2
CERT/CC vulnerability note: VU#267873
http://www.kb.cert.org/vuls/id/267873
Conectiva Linux advisory: CLA-2003:624
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567
SGI Security Advisory: 20030403-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
SuSE Security Announcement: SuSE-SA:2003:025
http://www.novell.com/linux/security/advisories/2003_025_samba.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
