Description:
Summary: The remote host is missing an update for the 'samba' package(s) announced via the SSA:2008-149-01 advisory.
Vulnerability Insight: New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue:
'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.'
This flaw affects Samba versions from 3.0.0 through 3.0.29.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.30-i486-1_slack12.1.tgz: Upgraded to samba-3.0.30.
  This is a security release in order to address CVE-2008-1105 ('Boundary failure when parsing SMB responses can result in a buffer overrun').
  For more information on the security issue, see:
    [link moved to references]
  (* Security fix *)
+--------------------------+
Affected Software/OS: 'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware current.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P