SuSE 11.2 / 11.3 Security Update : Samba (SAT Patch Numbers 8655 / 8656)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update fixes the following security issues with samba :

- DCERPC frag_len not checked. (CVE-2013-4408).
(bnc#844720)

- winbind pam security problem. (CVE-2012-6150).
(bnc#853347)

- No access check verification on stream files.
(CVE-2013-4475). (bnc#848101)

And fixes the following non-security issues :

- libsmbclient0 package description contains comments.
(bnc#853021)

- rpcclient adddriver and setdriver do not set all needed
registry entries. (bnc#817880)

- Client trying to delete print job fails: Samba returns:
WERR_INVALID_PRINTER_NAME. (bnc#838472)

- various upstream fixes. (bnc#854520 and bnc#849226)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=817880
https://bugzilla.novell.com/show_bug.cgi?id=838472
https://bugzilla.novell.com/show_bug.cgi?id=844720
https://bugzilla.novell.com/show_bug.cgi?id=848101
https://bugzilla.novell.com/show_bug.cgi?id=849226
https://bugzilla.novell.com/show_bug.cgi?id=853021
https://bugzilla.novell.com/show_bug.cgi?id=853347
https://bugzilla.novell.com/show_bug.cgi?id=854520
http://support.novell.com/security/cve/CVE-2012-6150.html
http://support.novell.com/security/cve/CVE-2013-4408.html
http://support.novell.com/security/cve/CVE-2013-4475.html

Solution :

Apply SAT patch number 8655 / 8656 as appropriate.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 71833

CVE ID: CVE-2012-6150
CVE-2013-4408
CVE-2013-4475