This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A heap-based buffer overflow flaw was found in the way Samba clients
handle over-sized packets. If a client connected to a malicious Samba
server, it was possible to execute arbitrary code as the Samba client
user. It was also possible for a remote user to send a specially
crafted print request to a Samba server that could result in the
server executing the vulnerable client code, resulting in arbitrary
code execution with the permissions of the Samba server.
This update also addresses two issues which prevented Samba from
joining certain Windows domains with tightened security policies, and
prevented certain signed SMB content from working as expected :
- when some Windows®
2000-based domain controllers
were set to use mandatory signing, Samba clients would
drop the connection because of an error when generating
signatures. This presented as a 'Server packet had
invalid SMB signature' error to the Samba client. This
update corrects the signature generation error.
- Samba servers using the 'net ads join' command to
connect to a Windows Server®
2003-based domain would
fail with 'failed to get schannel session key from
server' and 'NT_STATUS_ACCESS_DENIED' errors. This
update correctly binds to the NETLOGON share, allowing
Samba servers to connect to the domain properly.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60413 ()
CVE ID: CVE-2008-1105