Test ID: | 1.3.6.1.4.1.25623.1.0.881959 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for libsmbclient CESA-2014:0866 centos6 |
Summary: | The remote host is missing an update for the 'libsmbclient' package(s) announced via the referenced advisory. |
Description: |

Summary: The remote host is missing an update for the 'libsmbclient' package(s) announced via the referenced advisory.

Vulnerability Insight: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2014-0244)

It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. (CVE-2014-3493)

Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493. The Samba project acknowledges Simon Arlott as the original reporter of CVE-2014-3493.

All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.

Affected Software/OS: libsmbclient on CentOS 6

Solution: Please install the updated packages.

CVSS Score: 3.3

CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2014-0244

- 1030455 http://www.securitytracker.com/id/1030455
- 20140711 [ MDVSA-2014:136 ] samba http://www.securityfocus.com/archive/1/532757/100/0/threaded
- 59378 http://secunia.com/advisories/59378
- 59407 http://secunia.com/advisories/59407
- 59433 http://secunia.com/advisories/59433
- 59579 http://secunia.com/advisories/59579
- 59834 http://secunia.com/advisories/59834
- 59848 http://secunia.com/advisories/59848
- 59919 http://secunia.com/advisories/59919
- 61218 http://secunia.com/advisories/61218
- 68148 http://www.securityfocus.com/bid/68148
- FEDORA-2014-7672 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
- FEDORA-2014-9132 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- GLSA-201502-15 http://security.gentoo.org/glsa/glsa-201502-15.xml
- MDVSA-2014:136 http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
- MDVSA-2015:082 http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
- RHSA-2014:0866 http://rhn.redhat.com/errata/RHSA-2014-0866.html
- http://advisories.mageia.org/MGASA-2014-0279.html
- http://linux.oracle.com/errata/ELSA-2014-0866.html
- http://www.samba.org/samba/security/CVE-2014-0244
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
- https://bugzilla.redhat.com/show_bug.cgi?id=1097815
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Common Vulnerability Exposure (CVE) ID: CVE-2014-3493

- 68150 http://www.securityfocus.com/bid/68150
- http://www.samba.org/samba/security/CVE-2014-3493
- https://bugzilla.redhat.com/show_bug.cgi?id=1108748
Copyright | Copyright (C) 2014 Greenbone AG |