Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52905
Category:Turbolinux Local Security Tests
Title:Turbolinux TLSA-2004-32 (samba)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to samba
announced via advisory TLSA-2004-32.

Samba is an Open Source/Free Software suite that provides seamless file
and print services to SMB/CIFS clients. Samba is freely available,
unlike other SMB/CIFS implementations, and allows for interoperability
between Linux/Unix servers and Windows-based clients.

The vulnerabilities:

- A buffer overflow in the QFILEPATHINFO request handler.

- A vulnerability in the input validation routines used to match filename
strings containing wildcard characters.

The QFILEPATHINFO vulnerability may allow remote attackers to execute
arbitrary code using a TRANSACT2_QFILEPATHINFO request with a small
maximum data bytes value.

The wildcard character vulnerability may allow remote authenticated
users to cause a denial of service of Samba.

Solution: Please use the turbopkg (zabom) tool to apply the update.
http://www.securityspace.com/smysecure/catid.html?in=TLSA-2004-32

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0882
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=110054671403755&w=2
Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd (Google Search)
http://marc.info/?l=bugtraq&m=110055646329581&w=2
Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=110330519803655&w=2
CERT/CC vulnerability note: VU#457622
http://www.kb.cert.org/vuls/id/457622
Computer Incident Advisory Center Bulletin: P-038
http://www.ciac.org/ciac/bulletins/p-038.shtml
Conectiva Linux advisory: CLA-2004:899
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
http://security.e-matters.de/advisories/132004.html
http://www.osvdb.org/11782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969
SCO Security Bulletin: SCOSA-2005.17
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
http://securitytracker.com/id?1012235
http://secunia.com/advisories/13189
SGI Security Advisory: 20041201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
SuSE Security Announcement: SUSE-SA:2004:040 (Google Search)
http://www.novell.com/linux/security/advisories/2004_40_samba.html
http://www.trustix.net/errata/2004/0058/
XForce ISS Database: samba-qfilepathinfo-bo(18070)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
Common Vulnerability Exposure (CVE) ID: CVE-2004-0930
BugTraq ID: 11624
http://www.securityfocus.com/bid/11624
Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=109993720717957&w=2
http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml
http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false
http://www.mandriva.com/security/advisories?name=MDKSA-2004:131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1
https://www.ubuntu.com/usn/usn-22-1/
XForce ISS Database: samba-msfnmatch-dos(17987)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17987
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.