SUSE-SA:2004:045: samba

critical Nessus Plugin ID 16304

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:045 (samba).


The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code.
This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine heap memory space needed to copy data.
Without these limitations a remote attacker may be able to overflow the heap memory of the process and to overwrite vital information structures which can be abused to execute arbitrary code.

Solution

http://www.suse.de/security/advisories/2004_45_samba.html

Plugin Details

Severity: Critical

ID: 16304

File Name: suse_SA_2004_045.nasl

Version: 1.11

Agent: unix

Published: 2/3/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2004-1154