Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51175
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2004:467
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2004:467.

Samba provides file and printer sharing services to SMB/CIFS clients.

The Samba team has discovered a denial of service bug in the smbd daemon.
A defect in smbd's ASN.1 parsing allows an attacker to send a specially
crafted packet during the authentication request which will send the newly
spawned smbd process into an infinite loop. Given enough of these packets,
it is possible to exhaust the available memory on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0807 to this issue.

Additionally the Samba team has also discovered a denial of service bug in
the nmbd daemon. It is possible that an attacker could send a specially
crafted UDP packet which could allow the attacker to anonymously
crash nmbd. This issue only affects nmbd daemons which are configured to
process domain logons. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0808 to this issue.

Users of Samba should upgrade to these updated packages, which contain an
upgrade to Samba-3.0.7, which is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-467.html
http://us3.samba.org/samba/history/samba-3.0.7.html

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0807
Bugtraq: 20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808) (Google Search)
http://marc.info/?l=bugtraq&m=109509335230495&w=2
Bugtraq: 20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=109526231623307&w=2
Conectiva Linux advisory: CLA-2004:873
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml
http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141
http://www.redhat.com/support/errata/RHSA-2004-467.html
SGI Security Advisory: 20041201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
http://www.trustix.net/errata/2004/0046/
Common Vulnerability Exposure (CVE) ID: CVE-2004-0808
http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.