SuSE 11.3 Security Update : Samba (SAT Patch Number 9010)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The Samba fileserver suite was updated to fix bugs and security
issues.

The following security issue have been fixed :

- No Password lockout or ratelimiting was enforced for
SAMR password changes, making brute force guessing
attacks possible. CVE-2013-4496. Also the following
feature has been added :

- Allow smbcacls to take a '--propagate-inheritance' flag
to indicate that the add, delete, modify and set
operations now support automatic propagation of
inheritable ACE(s); (FATE#316474).

And the following bugs have been fixed :

- Fixed problem with server taking too long to respond to
a MSG_PRINTER_DRVUPGRADE message; (bso#9942);.
(bnc#863748)

- Fixed memory leak in printer_list_get_printer();
(bso#9993);. (bnc#865561)

- Fixed Winbind 100% CPU utilization caused by domain list
corruption; (bso#10358);. (bnc#786677)

- Make winbindd print the interface version when it gets
an INTERFACE_VERSION request;. (bnc#726937)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=726937
https://bugzilla.novell.com/show_bug.cgi?id=786677
https://bugzilla.novell.com/show_bug.cgi?id=844307
https://bugzilla.novell.com/show_bug.cgi?id=847009
https://bugzilla.novell.com/show_bug.cgi?id=849224
https://bugzilla.novell.com/show_bug.cgi?id=863748
https://bugzilla.novell.com/show_bug.cgi?id=865561
http://support.novell.com/security/cve/CVE-2013-4496.html

Solution :

Apply SAT patch number 9010.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 73410 ()

Bugtraq ID:

CVE ID: CVE-2013-4496

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now