FreeBSD : samba -- remote file disclosure (de16b056-132e-11d9-bc4a-000c41e2cdad)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

According to a Samba Team security notice :

A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and
Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to
files which exist outside of the share's defined path. Such files must
still be readable by the account used for the connection.

The original notice for CAN-2004-0815 indicated that Samba 3.0.x <=
3.0.5 was vulnerable to the security issue. After further research,
Samba developers have confirmed that only Samba 3.0.2a and earlier
releases contain the exploitable code.

See also :

http://www.samba.org/samba/news/#security_2.2.12
http://www.nessus.org/u?33e030ec

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19144 (freebsd_pkg_de16b056132e11d9bc4a000c41e2cdad.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0815

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now