Mandriva Linux Security Advisory : samba (MDVSA-2009:196)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in samba :

Multiple format string vulnerabilities in client/client.c in smbclient
in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers
to execute arbitrary code via format string specifiers in a filename
(CVE-2009-1886).

The acl_group_override function in smbd/posix_acls.c in smbd in Samba
3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before
3.3.6, when dos filemode is enabled, allows remote attackers to modify
access control lists for files via vectors related to read access to
uninitialized memory (CVE-2009-1888).

This update provides samba 3.2.13 to address these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 40521 (mandriva_MDVSA-2009-196.nasl)

Bugtraq ID:

CVE ID: CVE-2009-1886
CVE-2009-1888

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now