Test ID:	1.3.6.1.4.1.25623.1.0.59103
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-419-1 (samba)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to samba announced via advisory USN-419-1. A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: A flaw was discovered in Samba's file opening code, which in certain situations could lead to an endless loop, resulting in a denial of service. (CVE-2007-0452) A format string overflow was discovered in Samba's ACL handling on AFS shares. Remote users with access to an AFS share could create crafted filenames and execute arbitrary code with root privileges. (CVE-2007-0454) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: samba 3.0.14a-6ubuntu1.2 Ubuntu 6.06 LTS: samba 3.0.22-1ubuntu3.2 Ubuntu 6.10: samba 3.0.22-1ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-419-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0452 1017587 http://securitytracker.com/id?1017587 200588 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1 2007-0007 http://www.trustix.org/errata/2007/0007 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc 20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d http://www.securityfocus.com/archive/1/459167/100/0/threaded 20070207 rPSA-2007-0026-1 samba samba-swat http://www.securityfocus.com/archive/1/459365/100/0/threaded 2219 http://securityreason.com/securityalert/2219 22395 http://www.securityfocus.com/bid/22395 24021 http://secunia.com/advisories/24021 24030 http://secunia.com/advisories/24030 24046 http://secunia.com/advisories/24046 24060 http://secunia.com/advisories/24060 24067 http://secunia.com/advisories/24067 24076 http://secunia.com/advisories/24076 24101 http://secunia.com/advisories/24101 24140 http://secunia.com/advisories/24140 24145 http://secunia.com/advisories/24145 24151 http://secunia.com/advisories/24151 24188 http://secunia.com/advisories/24188 24284 http://secunia.com/advisories/24284 24792 http://secunia.com/advisories/24792 33100 http://osvdb.org/33100 ADV-2007-0483 http://www.vupen.com/english/advisories/2007/0483 ADV-2007-1278 http://www.vupen.com/english/advisories/2007/1278 DSA-1257 http://www.debian.org/security/2007/dsa-1257 FEDORA-2007-219 http://fedoranews.org/cms/node/2579 FEDORA-2007-220 http://fedoranews.org/cms/node/2580 GLSA-200702-01 http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml HPSBUX02204 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462 MDKSA-2007:034 http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 RHSA-2007:0060 http://www.redhat.com/support/errata/RHSA-2007-0060.html RHSA-2007:0061 http://www.redhat.com/support/errata/RHSA-2007-0061.html SSA:2007-038-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 SSRT071341 SUSE-SA:2007:016 http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html USN-419-1 http://www.ubuntu.com/usn/usn-419-1 http://us1.samba.org/samba/security/CVE-2007-0452.html https://issues.rpath.com/browse/RPL-1005 oval:org.mitre.oval:def:9758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9758 samba-smbd-filerename-dos(32301) https://exchange.xforce.ibmcloud.com/vulnerabilities/32301 Common Vulnerability Exposure (CVE) ID: CVE-2007-0454 1017588 http://securitytracker.com/id?1017588 20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin http://www.securityfocus.com/archive/1/459179/100/0/threaded 22403 http://www.securityfocus.com/bid/22403 33101 http://osvdb.org/33101 OpenPKG-SA-2007.012 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html VU#649732 http://www.kb.cert.org/vuls/id/649732 http://us1.samba.org/samba/security/CVE-2007-0454.html samba-afsacl-format-string(32304) https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.