FreeBSD : samba -- format string bug in VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

The Samba Team reports :

NOTE: This security advisory only impacts Samba servers that share AFS
file systems to CIFS clients and which have been explicitly instructed
in smb.conf to load the VFS module.

The source defect results in the name of a file stored on disk being
used as the format string in a call to snprintf(). This bug becomes
exploitable only when a user is able to write to a share which
utilizes Samba's library for setting Windows NT access
control lists on files residing on an AFS file system.
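The defect class described in the report above, as an added C example (not code from Samba, the advisory, or the Nessus plugin): a name read from disk is passed as an argument to a constant format string instead of being used as the format itself. The function names `build_path` and `has_format_directive` and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Defective pattern named in the advisory, kept as a comment because
 * running it on a name with conversion specifiers is undefined behaviour:
 *
 *     snprintf(out, outlen, name);    // name is parsed as a format string
 */

/* Corrected pattern (hypothetical helper): constant format, name as data.
 * Returns 0 on success, -1 on bad arguments, error or truncation. */
int build_path(char *out, size_t outlen, const char *dir, const char *name)
{
    int n;

    if (out == NULL || outlen == 0 || dir == NULL || name == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';              /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Audit aid (hypothetical helper): returns 1 if a name contains a '%' that
 * is not part of a literal "%%", i.e. something printf would interpret. */
int has_format_directive(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* "%%" prints one percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char path[64];
    const char *name = "%s%s.txt";  /* constructed sample file name */

    if (build_path(path, sizeof path, "/share", name) == 0)
        printf("%s (flagged=%d)\n", path, has_format_directive(name));
    return 0;
}
```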

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24825 (freebsd_pkg_57ae52f7b9cc11dbbf0f0013720b182d.nasl)

CVE ID: CVE-2007-0454
