Test ID:	1.3.6.1.4.1.25623.1.0.51353
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:854
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:854. Samba[1] provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows(TM). Evgeny Demidov noticed that the internal routine used by the Samba Web Administration Tool (SWAT) to decode the base64 data during HTTP basic authentication is subject[2] to a buffer overrun caused by an invalid base64 character. This same code is used internally to decode the sambaMungedDial attribute value when using the ldapsam passdb backend and to decode input given to the ntlm_auth tool. Another buffer overrun problem[3] has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.samba.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:854 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0600 Bugtraq: 20040722 SWAT PreAuthorization PoC (Google Search) http://marc.info/?l=bugtraq&m=109053195818351&w=2 Bugtraq: 20040722 Samba 3.x swat preauthentication buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=109052647928375&w=2 Bugtraq: 20040722 Security Release - Samba 3.0.5 and 2.2.10 (Google Search) http://marc.info/?l=bugtraq&m=109051340810458&w=2 Bugtraq: 20040722 TSSA-2004-014 - samba (Google Search) http://marc.info/?l=bugtraq&m=109052891507263&w=2 Bugtraq: 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=109051533021376&w=2 Conectiva Linux advisory: CLA-2004:851 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 Conectiva Linux advisory: CLA-2004:854 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854 http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11445 http://www.redhat.com/support/errata/RHSA-2004-259.html SuSE Security Announcement: SUSE-SA:2004:022 (Google Search) http://www.novell.com/linux/security/advisories/2004_22_samba.html http://www.trustix.org/errata/2004/0039/ XForce ISS Database: samba-swat-base64-bo(16785) https://exchange.xforce.ibmcloud.com/vulnerabilities/16785 Common Vulnerability Exposure (CVE) ID: CVE-2004-0686 http://marc.info/?l=bugtraq&m=109785827607823&w=2 HPdes Security Advisory: SSRT4782 http://marc.info/?l=bugtraq&m=109094272328981&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10461 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1 XForce ISS Database: samba-mangling-method-bo(16786) https://exchange.xforce.ibmcloud.com/vulnerabilities/16786
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.