Test ID:	1.3.6.1.4.1.25623.1.0.880650
Category:	CentOS Local Security Checks
Title:	CentOS Update for libtalloc CESA-2010:0488 centos5 i386
Summary:	The remote host is missing an update for the 'libtalloc'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'libtalloc' package(s) announced via the referenced advisory. Vulnerability Insight: Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-2063) Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter. Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically. Affected Software/OS: libtalloc on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2063 1024107 http://www.securitytracker.com/id?1024107 20100616 Samba 3.3.12 Memory Corruption Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 40145 http://secunia.com/advisories/40145 40210 http://secunia.com/advisories/40210 40221 http://secunia.com/advisories/40221 40293 http://secunia.com/advisories/40293 40884 http://www.securityfocus.com/bid/40884 42319 http://secunia.com/advisories/42319 65518 http://osvdb.org/65518 ADV-2010-1486 http://www.vupen.com/english/advisories/2010/1486 ADV-2010-1504 http://www.vupen.com/english/advisories/2010/1504 ADV-2010-1505 http://www.vupen.com/english/advisories/2010/1505 ADV-2010-1507 http://www.vupen.com/english/advisories/2010/1507 ADV-2010-1517 http://www.vupen.com/english/advisories/2010/1517 ADV-2010-3063 http://www.vupen.com/english/advisories/2010/3063 APPLE-SA-2010-08-24-1 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html DSA-2061 http://www.debian.org/security/2010/dsa-2061 HPSBUX02609 http://marc.info/?l=bugtraq&m=129138831608422&w=2 HPSBUX02657 http://marc.info/?l=bugtraq&m=130835366526620&w=2 MDVSA-2010:119 http://www.mandriva.com/security/advisories?name=MDVSA-2010:119 RHSA-2010:0488 http://www.redhat.com/support/errata/RHSA-2010-0488.html SSA:2010-169-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914 SSRT100147 SSRT100460 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html USN-951-1 http://ubuntu.com/usn/usn-951-1 [samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://support.apple.com/kb/HT4312 http://www.samba.org/samba/ftp/history/samba-3.3.13.html http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch http://www.samba.org/samba/security/CVE-2010-2063.html oval:org.mitre.oval:def:12427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427 oval:org.mitre.oval:def:7115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115 oval:org.mitre.oval:def:9859 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859 samba-smb1-code-execution(59481) https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.