Test ID:	1.3.6.1.4.1.25623.1.0.67562
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:119 (samba)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to samba announced via advisory MDVSA-2010:119. A vulnerability has been discovered and corrected in samba: Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code (CVE-2010-2063). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:119 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2063 1024107 http://www.securitytracker.com/id?1024107 20100616 Samba 3.3.12 Memory Corruption Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 40145 http://secunia.com/advisories/40145 40210 http://secunia.com/advisories/40210 40221 http://secunia.com/advisories/40221 40293 http://secunia.com/advisories/40293 40884 http://www.securityfocus.com/bid/40884 42319 http://secunia.com/advisories/42319 65518 http://osvdb.org/65518 ADV-2010-1486 http://www.vupen.com/english/advisories/2010/1486 ADV-2010-1504 http://www.vupen.com/english/advisories/2010/1504 ADV-2010-1505 http://www.vupen.com/english/advisories/2010/1505 ADV-2010-1507 http://www.vupen.com/english/advisories/2010/1507 ADV-2010-1517 http://www.vupen.com/english/advisories/2010/1517 ADV-2010-3063 http://www.vupen.com/english/advisories/2010/3063 APPLE-SA-2010-08-24-1 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html DSA-2061 http://www.debian.org/security/2010/dsa-2061 HPSBUX02609 http://marc.info/?l=bugtraq&m=129138831608422&w=2 HPSBUX02657 http://marc.info/?l=bugtraq&m=130835366526620&w=2 MDVSA-2010:119 http://www.mandriva.com/security/advisories?name=MDVSA-2010:119 RHSA-2010:0488 http://www.redhat.com/support/errata/RHSA-2010-0488.html SSA:2010-169-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914 SSRT100147 SSRT100460 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html USN-951-1 http://ubuntu.com/usn/usn-951-1 [samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://support.apple.com/kb/HT4312 http://www.samba.org/samba/ftp/history/samba-3.3.13.html http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch http://www.samba.org/samba/security/CVE-2010-2063.html oval:org.mitre.oval:def:12427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427 oval:org.mitre.oval:def:7115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115 oval:org.mitre.oval:def:9859 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859 samba-smb1-code-execution(59481) https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.