openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0346-1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of the Samba server package fixes security issues and
bugs.

Following security issues were fixed: CVE-2010-2063: A buffer overrun
was possible in chain_reply code in 3.3.x and below, which could be
used to crash the samba server or potentially execute code.

CVE-2010-0787: Take extra care that a mount point of mount.cifs isn't
changed during mount.

Also the following bugs were fixed :

- Honor 'interfaces' list in net ad dns register.
(bnc#606947)

- An uninitialized variable read could cause an smbd
crash; (bso#7254); (bnc#605935).

See also :

http://lists.opensuse.org/opensuse-updates/2010-06/msg00011.html
https://bugzilla.novell.com/show_bug.cgi?id=550002
https://bugzilla.novell.com/show_bug.cgi?id=577868
https://bugzilla.novell.com/show_bug.cgi?id=605935
https://bugzilla.novell.com/show_bug.cgi?id=606947
https://bugzilla.novell.com/show_bug.cgi?id=611927

Solution :

Update the affected cifs-mount packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 47572 ()

Bugtraq ID:

CVE ID: CVE-2010-0787
CVE-2010-2063

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now