Test ID:	1.3.6.1.4.1.25623.1.0.60006
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1427-1)
Summary:	The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1427-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1427-1 advisory. Vulnerability Insight: Alin Rad Pop discovered that Samba, a LanManager-like file and printer server for Unix, is vulnerable to a buffer overflow in the nmbd code which handles GETDC mailslot requests, which might lead to the execution of arbitrary code. For the old stable distribution (sarge), this problem has been fixed in version 3.0.14a-3sarge11. Packages for m68k will be provided later. For the stable distribution (etch), this problem has been fixed in version 3.0.24-6etch9. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your samba packages. Affected Software/OS: 'samba' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6015 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html BugTraq ID: 26791 http://www.securityfocus.com/bid/26791 Bugtraq: 20071210 Secunia Research: Samba "send_mailslot()" Buffer OverflowVulnerability (Google Search) http://www.securityfocus.com/archive/1/484818/100/0/threaded Bugtraq: 20071210 [SECURITY] Buffer overrun in send_mailslot() (Google Search) http://www.securityfocus.com/archive/1/484825/100/0/threaded Bugtraq: 20071210 rPSA-2007-0261-1 samba samba-swat (Google Search) http://www.securityfocus.com/archive/1/484827/100/0/threaded Bugtraq: 20071214 POC for samba send_mailslot() (Google Search) http://www.securityfocus.com/archive/1/485144/100/0/threaded Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search) http://www.securityfocus.com/archive/1/488457/100/0/threaded Cert/CC Advisory: TA08-043B http://www.us-cert.gov/cas/techalerts/TA08-043B.html CERT/CC vulnerability note: VU#438395 http://www.kb.cert.org/vuls/id/438395 Debian Security Information: DSA-1427 (Google Search) http://www.debian.org/security/2007/dsa-1427 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html http://security.gentoo.org/glsa/glsa-200712-10.xml HPdes Security Advisory: HPSBUX02316 http://marc.info/?l=bugtraq&m=120524782005154&w=2 HPdes Security Advisory: HPSBUX02341 http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657 HPdes Security Advisory: SSRT071495 HPdes Security Advisory: SSRT080075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:244 http://secunia.com/secunia_research/2007-99/advisory/ http://lists.vmware.com/pipermail/security-announce/2008/000005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605 http://www.redhat.com/support/errata/RHSA-2007-1114.html http://www.redhat.com/support/errata/RHSA-2007-1117.html http://www.securitytracker.com/id?1019065 http://secunia.com/advisories/27760 http://secunia.com/advisories/27894 http://secunia.com/advisories/27977 http://secunia.com/advisories/27993 http://secunia.com/advisories/27999 http://secunia.com/advisories/28003 http://secunia.com/advisories/28028 http://secunia.com/advisories/28029 http://secunia.com/advisories/28037 http://secunia.com/advisories/28067 http://secunia.com/advisories/28089 http://secunia.com/advisories/28891 http://secunia.com/advisories/29032 http://secunia.com/advisories/29341 http://secunia.com/advisories/30484 http://secunia.com/advisories/30835 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554 http://securityreason.com/securityalert/3438 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1 SuSE Security Announcement: SUSE-SA:2007:068 (Google Search) http://www.novell.com/linux/security/advisories/2007_68_samba.html http://www.ubuntu.com/usn/usn-556-1 http://www.vupen.com/english/advisories/2007/4153 http://www.vupen.com/english/advisories/2008/0495/references http://www.vupen.com/english/advisories/2008/0637 http://www.vupen.com/english/advisories/2008/0859/references http://www.vupen.com/english/advisories/2008/1712/references http://www.vupen.com/english/advisories/2008/1908 XForce ISS Database: samba-sendmailslot-bo(38965) https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.