RHEL 2.1 : samba (RHSA-2003:096)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Samba packages are now available to fix security
vulnerabilities found during a code audit.

Samba is a suite of utilities which provides file and printer sharing
services to SMB/CIFS clients.

Sebastian Krahmer discovered a security vulnerability present in
unpatched versions of Samba prior to 2.2.8. An anonymous user could
use the vulnerability to gain root access on the target machine.

Additionally, a race condition could allow an attacker to overwrite
critical system files.

All users of Samba are advised to update to the erratum packages which
contain patches to correct these vulnerabilities.

These packages contain the security fixes backported to the Samba
2.2.7 codebase.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0085.html
https://www.redhat.com/security/data/cve/CVE-2003-0086.html
https://www.redhat.com/security/data/cve/CVE-2003-1332.html
http://www.samba.org/samba/history/samba-2.2.10.html
http://rhn.redhat.com/errata/RHSA-2003-096.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12379 ()

Bugtraq ID:

CVE ID: CVE-2003-0085
CVE-2003-0086
CVE-2003-1332