Test ID:	1.3.6.1.4.1.25623.1.0.64311
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1823-1)
Summary:	The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1823-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'samba' package(s) announced via the DSA-1823-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1886 The smbclient utility contains a formatstring vulnerability where commands dealing with file names treat user input as format strings to asprintf. CVE-2009-1888 In the smbd daemon, if a user is trying to modify an access control list (ACL) and is denied permission, this deny may be overridden if the parameter 'dos filemode' is set to 'yes' in the smb.conf and the user already has write access to the file. The old stable distribution (etch) is not affected by these problems. For the stable distribution (lenny), these problems have been fixed in version 3.2.5-4lenny6. The unstable distribution (sid), which is only affected by CVE-2009-1888, will be fixed soon. We recommend that you upgrade your samba package. Affected Software/OS: 'samba' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1886 1022441 http://www.securitytracker.com/id?1022441 35472 http://www.securityfocus.com/bid/35472 35539 http://secunia.com/advisories/35539 35573 http://secunia.com/advisories/35573 35606 http://secunia.com/advisories/35606 36918 http://secunia.com/advisories/36918 ADV-2009-1664 http://www.vupen.com/english/advisories/2009/1664 DSA-1823 http://www.debian.org/security/2009/dsa-1823 MDVSA-2009:196 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 SSA:2009-177-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591 USN-839-1 http://www.ubuntu.com/usn/USN-839-1 http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch http://www.samba.org/samba/security/CVE-2009-1886.html https://bugzilla.samba.org/show_bug.cgi?id=6478 samba-smbclient-format-string(51328) https://exchange.xforce.ibmcloud.com/vulnerabilities/51328 Common Vulnerability Exposure (CVE) ID: CVE-2009-1888 1022442 http://www.securitytracker.com/id?1022442 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat http://www.securityfocus.com/archive/1/507856/100/0/threaded http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch http://www.samba.org/samba/security/CVE-2009-1888.html oval:org.mitre.oval:def:10790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790 oval:org.mitre.oval:def:7292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292 samba-acl-security-bypass(51327) https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.