
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0348.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0348-1)
Summary: The remote host is missing an update for the 'Samba' package(s) announced via the SUSE-SU-2012:0348-1 advisory.
Description:

Vulnerability Insight:
This Samba file server update fixes various security issues:

* CVE-2012-0870: A heap-based buffer overflow that could be exploited by remote, unauthenticated attackers to crash the smbd daemon or potentially execute arbitrary code via specially crafted SMB AndX request packets.
* CVE-2011-2694: A cross site scripting problem in SWAT was fixed.
* CVE-2011-0719: Fixed a possible denial of service caused by memory corruption.
* CVE-2010-3069: Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID).
* CVE-2010-2063: Addressed possible buffer overrun in chain_reply code of pre-3.4 versions.
* CVE-2010-1642: An uninitialized variable read could have caused an smbd crash.
* CVE-2010-0787: Take extra care that a mount point of mount.cifs isn't changed during mount.

Also the following bugs have been fixed:

* Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions, (bnc#652620).
* Initialize workgroup of nmblookup as empty string.
* Fix trusts with Windows 2008R2 DCs, (bnc#613459), (bnc#599873), (bnc#592198), (bso#6697).
* Document 'wide links' defaults to 'no' in the smb.conf man page for versions pre-3.4.6, (bnc#577868).
* Allow forced pw change even with min pw age, (bnc#561894).

Security Issue reference:

* CVE-2012-0870

Affected Software/OS:
'Samba' package(s) on SUSE Linux Enterprise Server 10-SP2.

Solution:
Please install the updated package(s).

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-0787
BugTraq ID: 37992
http://www.securityfocus.com/bid/37992
BugTraq ID: 39898
http://www.securityfocus.com/bid/39898
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034444.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034470.html
http://security.gentoo.org/glsa/glsa-201206-29.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:090
http://secunia.com/advisories/38286
http://secunia.com/advisories/38308
http://secunia.com/advisories/38357
SuSE Security Announcement: SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://www.ubuntu.com/usn/USN-893-1
http://www.vupen.com/english/advisories/2010/1062
XForce ISS Database: sambaclient-mountcifs-symlink(55944)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55944
Common Vulnerability Exposure (CVE) ID: CVE-2010-1642
40097
http://www.securityfocus.com/bid/40097
ADV-2010-1933
http://www.vupen.com/english/advisories/2010/1933
MDVSA-2010:141
http://www.mandriva.com/security/advisories?name=MDVSA-2010:141
http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b
http://samba.org/samba/history/samba-3.4.8.html
http://samba.org/samba/history/samba-3.5.2.html
http://security-tracker.debian.org/tracker/CVE-2010-1642
http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29
https://bugzilla.redhat.com/show_bug.cgi?id=594921
https://bugzilla.samba.org/show_bug.cgi?id=7254
Common Vulnerability Exposure (CVE) ID: CVE-2010-2063
1024107
http://www.securitytracker.com/id?1024107
20100616 Samba 3.3.12 Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
40145
http://secunia.com/advisories/40145
40210
http://secunia.com/advisories/40210
40221
http://secunia.com/advisories/40221
40293
http://secunia.com/advisories/40293
40884
http://www.securityfocus.com/bid/40884
42319
http://secunia.com/advisories/42319
65518
http://osvdb.org/65518
ADV-2010-1486
http://www.vupen.com/english/advisories/2010/1486
ADV-2010-1504
http://www.vupen.com/english/advisories/2010/1504
ADV-2010-1505
http://www.vupen.com/english/advisories/2010/1505
ADV-2010-1507
http://www.vupen.com/english/advisories/2010/1507
ADV-2010-1517
http://www.vupen.com/english/advisories/2010/1517
ADV-2010-3063
http://www.vupen.com/english/advisories/2010/3063
APPLE-SA-2010-08-24-1
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
DSA-2061
http://www.debian.org/security/2010/dsa-2061
HPSBUX02609
http://marc.info/?l=bugtraq&m=129138831608422&w=2
HPSBUX02657
http://marc.info/?l=bugtraq&m=130835366526620&w=2
MDVSA-2010:119
http://www.mandriva.com/security/advisories?name=MDVSA-2010:119
RHSA-2010:0488
http://www.redhat.com/support/errata/RHSA-2010-0488.html
SSA:2010-169-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914
SSRT100147
SSRT100460
SUSE-SR:2010:014
USN-951-1
http://ubuntu.com/usn/usn-951-1
[samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download
http://marc.info/?l=samba-announce&m=127668712312761&w=2
http://support.apple.com/kb/HT4312
http://www.samba.org/samba/ftp/history/samba-3.3.13.html
http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch
http://www.samba.org/samba/security/CVE-2010-2063.html
oval:org.mitre.oval:def:12427
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427
oval:org.mitre.oval:def:7115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115
oval:org.mitre.oval:def:9859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859
samba-smb1-code-execution(59481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Common Vulnerability Exposure (CVE) ID: CVE-2010-3069
1024434
http://www.securitytracker.com/id?1024434
20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
http://www.securityfocus.com/archive/1/515055/100/0/threaded
41354
http://secunia.com/advisories/41354
41447
http://secunia.com/advisories/41447
42531
http://secunia.com/advisories/42531
42885
http://secunia.com/advisories/42885
43212
http://www.securityfocus.com/bid/43212
ADV-2010-2378
http://www.vupen.com/english/advisories/2010/2378
ADV-2010-3126
http://www.vupen.com/english/advisories/2010/3126
ADV-2011-0091
http://www.vupen.com/english/advisories/2011/0091
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
APPLE-SA-2011-06-23-1
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
FEDORA-2010-14627
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html
FEDORA-2010-14678
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html
FEDORA-2010-14768
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html
RHSA-2010:0860
http://www.redhat.com/support/errata/RHSA-2010-0860.html
SUSE-SR:2010:018
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
USN-987-1
http://www.ubuntu.com/usn/USN-987-1
http://support.apple.com/kb/HT4581
http://support.apple.com/kb/HT4723
http://us1.samba.org/samba/history/samba-3.5.5.html
http://us1.samba.org/samba/security/CVE-2010-3069.html
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
samba-sidparse-bo(61773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61773
Common Vulnerability Exposure (CVE) ID: CVE-2011-0719
1025132
http://www.securitytracker.com/id?1025132
43482
http://secunia.com/advisories/43482
43503
http://secunia.com/advisories/43503
43512
http://secunia.com/advisories/43512
43517
http://secunia.com/advisories/43517
43556
http://secunia.com/advisories/43556
43557
http://secunia.com/advisories/43557
43843
http://secunia.com/advisories/43843
46597
http://www.securityfocus.com/bid/46597
ADV-2011-0517
http://www.vupen.com/english/advisories/2011/0517
ADV-2011-0518
http://www.vupen.com/english/advisories/2011/0518
ADV-2011-0519
http://www.vupen.com/english/advisories/2011/0519
ADV-2011-0520
http://www.vupen.com/english/advisories/2011/0520
ADV-2011-0522
http://www.vupen.com/english/advisories/2011/0522
ADV-2011-0541
http://www.vupen.com/english/advisories/2011/0541
ADV-2011-0702
http://www.vupen.com/english/advisories/2011/0702
DSA-2175
http://www.debian.org/security/2011/dsa-2175
FEDORA-2011-3118
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html
FEDORA-2011-3120
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html
MDVSA-2011:038
http://www.mandriva.com/security/advisories?name=MDVSA-2011:038
RHSA-2011:0305
http://www.redhat.com/support/errata/RHSA-2011-0305.html
RHSA-2011:0306
http://www.redhat.com/support/errata/RHSA-2011-0306.html
SSA:2011-059-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629
USN-1075-1
http://www.ubuntu.com/usn/USN-1075-1
http://samba.org/samba/security/CVE-2011-0719.html
http://www.samba.org/samba/history/samba-3.3.15.html
http://www.samba.org/samba/history/samba-3.4.12.html
http://www.samba.org/samba/history/samba-3.5.7.html
https://bugzilla.redhat.com/show_bug.cgi?id=678328
samba-fdset-dos(65724)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65724
Common Vulnerability Exposure (CVE) ID: CVE-2011-2694
BugTraq ID: 48901
http://www.securityfocus.com/bid/48901
Debian Security Information: DSA-2290
http://www.debian.org/security/2011/dsa-2290
HPdes Security Advisory: HPSBNS02701
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
HPdes Security Advisory: SSRT100598
http://jvn.jp/en/jp/JVN63041502/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://osvdb.org/74072
http://securitytracker.com/id?1025852
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://ubuntu.com/usn/usn-1182-1
XForce ISS Database: samba-user-xss(68844)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
Common Vulnerability Exposure (CVE) ID: CVE-2012-0870
48116
http://secunia.com/advisories/48116
48186
http://secunia.com/advisories/48186
48844
http://secunia.com/advisories/48844
48879
http://secunia.com/advisories/48879
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
SUSE-SU-2012:0337
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
SUSE-SU-2012:0338
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
SUSE-SU-2012:0502
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
SUSE-SU-2012:0515
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
USN-1374-1
http://www.ubuntu.com/usn/USN-1374-1
blackberry-playbook-samba-code-execution(73361)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73361
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565
http://support.apple.com/kb/HT5281
https://bugzilla.redhat.com/show_bug.cgi?id=795509
Copyright: Copyright (C) 2021 Greenbone AG
