Test ID:	1.3.6.1.4.1.25623.1.0.52800
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2004:2102
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2004:2102. Karol Wiesek discovered an input validation issue in Samba prior to 3.0.6. An authenticated user could send a carefully crafted request to the Samba server, which would allow access to files outside of the configured file share. Note: Such files would have to be readable by the account used for the connection. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0815 to this issue. Users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-2.2.12, which is not vulnerable to this issue. Affected platforms: Redhat 7.3 Redhat 9 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:2102 http://us4.samba.org/samba/news/#security_2.2.12 http://rhn.redhat.com/errata/RHSA-2004-498.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 11281 Common Vulnerability Exposure (CVE) ID: CVE-2004-0815 http://www.securityfocus.com/bid/11281 Bugtraq: 20040930 Samba Security Announcement -- Potential Arbitrary File Access (Google Search) http://marc.info/?l=bugtraq&m=109655827913457&w=2 Bugtraq: 20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815) (Google Search) http://www.securityfocus.com/archive/1/377618 Conectiva Linux advisory: CLA-2004:873 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 Debian Security Information: DSA-600 (Google Search) http://www.debian.org/security/2004/dsa-600 https://bugzilla.fedora.us/show_bug.cgi?id=2102 http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104 http://www.redhat.com/support/errata/RHSA-2004-498.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1 SuSE Security Announcement: SUSE-SA:2004:035 (Google Search) http://www.novell.com/linux/security/advisories/2004_35_samba.html http://www.trustix.org/errata/2004/0051/ XForce ISS Database: samba-file-access(17556) https://exchange.xforce.ibmcloud.com/vulnerabilities/17556
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.