SUSE-SA:2003:025: samba

This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

The remote host is missing a security patch for samba. It is,
therefore, affected by a buffer overflow condition in the
call_trans2open() function within file trans2.c due to improper
sanitization of user-supplied input. An unauthenticated, remote
attacker can exploit this, via an overly long string passed to the
pname variable, to execute arbitrary code with the privileges of the
server.

See also :

https://www.suse.com/support/security/advisories/2003_025_samba.html

Solution :

Update the affected samba and samba-client packages according to the
SUSE-SA:2003:025 security announcement.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 13795

Bugtraq ID: 7294

CVE ID: CVE-2003-0201
