
Test ID: 1.3.6.1.4.1.25623.1.0.58012
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1257)
Summary: The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1257 advisory.
Description:
Summary:
The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1257 advisory.

Vulnerability Insight:
Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0452

It was discovered that incorrect handling of deferred file open calls may lead to an infinite loop, which results in denial of service.

CVE-2007-0454

'zybadawg333' discovered that the AFS ACL mapping VFS plugin performs insecure format string handling, which may lead to the execution of arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 3.0.14a-3sarge4.

For the upcoming stable distribution (etch) these problems have been fixed in version 3.0.23d-5.

For the unstable distribution (sid) these problems have been fixed in version 3.0.23d-5.

We recommend that you upgrade your samba package.

Affected Software/OS:
'samba' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-0452
1017587
http://securitytracker.com/id?1017587
200588
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
2007-0007
http://www.trustix.org/errata/2007/0007
20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d
http://www.securityfocus.com/archive/1/459167/100/0/threaded
20070207 rPSA-2007-0026-1 samba samba-swat
http://www.securityfocus.com/archive/1/459365/100/0/threaded
2219
http://securityreason.com/securityalert/2219
22395
http://www.securityfocus.com/bid/22395
24021
http://secunia.com/advisories/24021
24030
http://secunia.com/advisories/24030
24046
http://secunia.com/advisories/24046
24060
http://secunia.com/advisories/24060
24067
http://secunia.com/advisories/24067
24076
http://secunia.com/advisories/24076
24101
http://secunia.com/advisories/24101
24140
http://secunia.com/advisories/24140
24145
http://secunia.com/advisories/24145
24151
http://secunia.com/advisories/24151
24188
http://secunia.com/advisories/24188
24284
http://secunia.com/advisories/24284
24792
http://secunia.com/advisories/24792
33100
http://osvdb.org/33100
ADV-2007-0483
http://www.vupen.com/english/advisories/2007/0483
ADV-2007-1278
http://www.vupen.com/english/advisories/2007/1278
DSA-1257
http://www.debian.org/security/2007/dsa-1257
FEDORA-2007-219
http://fedoranews.org/cms/node/2579
FEDORA-2007-220
http://fedoranews.org/cms/node/2580
GLSA-200702-01
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
HPSBUX02204
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462
MDKSA-2007:034
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
RHSA-2007:0060
http://www.redhat.com/support/errata/RHSA-2007-0060.html
RHSA-2007:0061
http://www.redhat.com/support/errata/RHSA-2007-0061.html
SSA:2007-038-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
SSRT071341
SUSE-SA:2007:016
http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html
USN-419-1
http://www.ubuntu.com/usn/usn-419-1
http://us1.samba.org/samba/security/CVE-2007-0452.html
https://issues.rpath.com/browse/RPL-1005
oval:org.mitre.oval:def:9758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9758
samba-smbd-filerename-dos(32301)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32301
Common Vulnerability Exposure (CVE) ID: CVE-2007-0454
1017588
http://securitytracker.com/id?1017588
20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin
http://www.securityfocus.com/archive/1/459179/100/0/threaded
22403
http://www.securityfocus.com/bid/22403
33101
http://osvdb.org/33101
OpenPKG-SA-2007.012
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
VU#649732
http://www.kb.cert.org/vuls/id/649732
http://us1.samba.org/samba/security/CVE-2007-0454.html
samba-afsacl-format-string(32304)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
Copyright: Copyright (C) 2008 Greenbone AG
