Test ID:	1.3.6.1.4.1.25623.1.0.67133
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-918-1 (samba)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to samba announced via advisory USN-918-1. Details follow: It was discovered the Samba handled symlinks in an unexpected way when both wide links and UNIX extensions were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server. ATTENTION: This update changes the default samba behaviour. For security reasons, it is no longer possible to use wide links and UNIX extensions at the same time. After applying this security update, wide links will be disabled automatically as UNIX extensions are turned on by default. If wide links are required, you can re-enable them by adding unix extensions = no to the [global] section of the /etc/samba/smb.conf configuration file. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: samba 3.0.22-1ubuntu3.11 Ubuntu 8.04 LTS: samba 3.0.28a-1ubuntu4.11 Ubuntu 8.10: samba 2:3.2.3-1ubuntu3.8 Ubuntu 9.04: samba 2:3.3.2-1ubuntu3.4 Ubuntu 9.10: samba 2:3.4.0-3ubuntu5.6 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-918-1 Risk factor : Medium CVSS Score: 3.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0926 http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0107.html http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0108.html http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0083.html http://marc.info/?l=full-disclosure&m=126538598820903&w=2 http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html http://marc.info/?l=oss-security&m=126540402215620&w=2 http://marc.info/?l=oss-security&m=126540733320471&w=2 http://marc.info/?l=oss-security&m=126539592603079&w=2 http://marc.info/?l=oss-security&m=126545363428745&w=2 http://www.openwall.com/lists/oss-security/2010/02/06/3 http://marc.info/?l=oss-security&m=126777580624790&w=2 http://www.openwall.com/lists/oss-security/2010/03/05/3 http://marc.info/?l=samba-technical&m=126539387432412&w=2 http://marc.info/?l=samba-technical&m=126540100511357&w=2 http://marc.info/?l=samba-technical&m=126540248613395&w=2 http://marc.info/?l=samba-technical&m=126540277713815&w=2 http://marc.info/?l=samba-technical&m=126540290614053&w=2 http://marc.info/?l=samba-technical&m=126540376915283&w=2 http://marc.info/?l=samba-technical&m=126540475116511&w=2 http://marc.info/?l=samba-technical&m=126540477016522&w=2 http://marc.info/?l=samba-technical&m=126540539117328&w=2 http://marc.info/?l=samba-technical&m=126540608318301&w=2 http://marc.info/?l=samba-technical&m=126540695819735&w=2 http://marc.info/?l=samba-technical&m=126540011609753&w=2 http://marc.info/?l=samba-technical&m=126547903723628&w=2 http://marc.info/?l=samba-technical&m=126548356728379&w=2 http://marc.info/?l=samba-technical&m=126549111204428&w=2 http://marc.info/?l=samba-technical&m=126555346721629&w=2 http://secunia.com/advisories/39317 SuSE Security Announcement: SUSE-SR:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.