Mandrake Linux Security Advisory : samba (MDKSA-2004:158)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Remote exploitation of an integer overflow vulnerability in the smbd
daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to
and including 3.0.9 could allow an attacker to cause controllable heap
corruption, leading to execution of arbitrary commands with root
privileges.

In order to exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba server.
Unsuccessful exploitation attempts will cause the process serving the
request to crash with signal 11, and may leave evidence of an attack
in logs.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 16065 (mandrake_MDKSA-2004-158.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1154

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now