
Test ID: 1.3.6.1.4.1.25623.1.0.54041
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2004:045 (samba)
Summary: SuSE Security Advisory SUSE-SA:2004:045 (samba)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2004:045.

The Samba developers informed us about several potential integer overflow
issues in the Samba 2 and Samba 3 code.
This update adds constraints to the Samba server code that prevent it
from using values from untrusted sources as operands in the arithmetic
that determines how much heap memory is needed to copy data.
Without these constraints, a remote attacker may be able to overflow the
heap memory of the process and overwrite vital information structures,
which can be abused to execute arbitrary code.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2004:045

Risk factor: Critical
Cross-Ref: BugTraq ID: 11973
Common Vulnerability Exposure (CVE) ID: CVE-2004-1154
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Debian Security Information: DSA-701
http://www.debian.org/security/2005/dsa-701
http://www.redhat.com/support/errata/RHSA-2005-020.html
SCO Security Bulletin: SCOSA-2005.17
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1
SuSE Security Announcement: SUSE-SA:2004:045
http://www.novell.com/linux/security/advisories/2004_45_samba.html
CERT/CC vulnerability note: VU#226184
http://www.kb.cert.org/vuls/id/226184
http://www.securityfocus.com/bid/11973
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1459
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:642
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10236
http://secunia.com/advisories/13453/
XForce ISS Database: samba-msrpc-heap-corruption(18519)
http://xforce.iss.net/xforce/xfdb/18519
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
