Test ID:	1.3.6.1.4.1.25623.1.0.51368
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:873
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:873. Samba[1] provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows(TM). This announcement fixes two denial of service vulnerabilities via certain malformed requests[2] and via a SAM_UAS_CHANGE request with a big length value[3] when domain logons are enabled. It also fixes a problem[4] in the input validation routines used to convert DOS path names to path names on the Samba host's file system that could be exploited to gain access to files outside of the share's path defined by smb.conf. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.samba.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0808 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:873 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0807 Bugtraq: 20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808) (Google Search) http://marc.info/?l=bugtraq&m=109509335230495&w=2 Bugtraq: 20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=109526231623307&w=2 Conectiva Linux advisory: CLA-2004:873 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141 http://www.redhat.com/support/errata/RHSA-2004-467.html SGI Security Advisory: 20041201-01-P ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P http://www.trustix.net/errata/2004/0046/ Common Vulnerability Exposure (CVE) ID: CVE-2004-0808 http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344 Common Vulnerability Exposure (CVE) ID: CVE-2004-0815 BugTraq ID: 11281 http://www.securityfocus.com/bid/11281 Bugtraq: 20040930 Samba Security Announcement -- Potential Arbitrary File Access (Google Search) http://marc.info/?l=bugtraq&m=109655827913457&w=2 Bugtraq: 20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815) (Google Search) http://www.securityfocus.com/archive/1/377618 Debian Security Information: DSA-600 (Google Search) http://www.debian.org/security/2004/dsa-600 https://bugzilla.fedora.us/show_bug.cgi?id=2102 http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104 http://www.redhat.com/support/errata/RHSA-2004-498.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1 SuSE Security Announcement: SUSE-SA:2004:035 (Google Search) http://www.novell.com/linux/security/advisories/2004_35_samba.html http://www.trustix.org/errata/2004/0051/ XForce ISS Database: samba-file-access(17556) https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.