Test ID:	1.3.6.1.4.1.25623.1.0.841871
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2257-1)
Summary:	The remote host is missing an update for the 'samba' package(s) announced via the USN-2257-1 advisory.
Description:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the USN-2257-1 advisory. Vulnerability Insight: Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178) It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239) Daniel Berteaud discovered that the Samba NetBIOS name service daemon incorrectly handled certain malformed packets. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0244) Simon Arlott discovered that Samba incorrectly handled certain unicode path names. A remote authenticated attacker could use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2014-3493) Affected Software/OS: 'samba' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 13.10, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0178 BugTraq ID: 67686 http://www.securityfocus.com/bid/67686 Bugtraq: 20140711 [ MDVSA-2014:136 ] samba (Google Search) http://www.securityfocus.com/archive/1/532757/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://security.gentoo.org/glsa/glsa-201502-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:136 http://www.mandriva.com/security/advisories?name=MDVSA-2015:082 http://www.securitytracker.com/id/1030308 http://secunia.com/advisories/59378 http://secunia.com/advisories/59407 http://secunia.com/advisories/59579 Common Vulnerability Exposure (CVE) ID: CVE-2014-0239 BugTraq ID: 67691 http://www.securityfocus.com/bid/67691 http://www.securitytracker.com/id/1030309 Common Vulnerability Exposure (CVE) ID: CVE-2014-0244 1030455 http://www.securitytracker.com/id/1030455 20140711 [ MDVSA-2014:136 ] samba 59378 59407 59433 http://secunia.com/advisories/59433 59579 59834 http://secunia.com/advisories/59834 59848 http://secunia.com/advisories/59848 59919 http://secunia.com/advisories/59919 61218 http://secunia.com/advisories/61218 68148 http://www.securityfocus.com/bid/68148 FEDORA-2014-7672 FEDORA-2014-9132 GLSA-201502-15 MDVSA-2014:136 MDVSA-2015:082 RHSA-2014:0866 http://rhn.redhat.com/errata/RHSA-2014-0866.html http://advisories.mageia.org/MGASA-2014-0279.html http://linux.oracle.com/errata/ELSA-2014-0866.html http://www.samba.org/samba/security/CVE-2014-0244 https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1 https://bugzilla.redhat.com/show_bug.cgi?id=1097815 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993 Common Vulnerability Exposure (CVE) ID: CVE-2014-3493 68150 http://www.securityfocus.com/bid/68150 http://www.samba.org/samba/security/CVE-2014-3493 https://bugzilla.redhat.com/show_bug.cgi?id=1108748
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.