FreeBSD : samba -- format string bug in afsacl.so VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Samba Team reports :

NOTE: This security advisory only impacts Samba servers that share AFS
file systems to CIFS clients and which have been explicitly instructed
in smb.conf to load the afsacl.so VFS module.

The source defect results in the name of a file stored on disk being
used as the format string in a call to snprintf(). This bug becomes
exploitable only when a user is able to write to a share which
utilizes Samba's afsacl.so library for setting Windows NT access
control lists on files residing on an AFS file system.

See also :

http://www.samba.org/samba/security/CVE-2007-0454.html
http://www.nessus.org/u?9e1614da

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24825 (freebsd_pkg_57ae52f7b9cc11dbbf0f0013720b182d.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0454

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now