openSUSE Security Update : samba (openSUSE-2015-179)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

samba was updated to fix two security issues.

These security issues were fixed :

- CVE-2015-0240: Ensure we don't call talloc_free on an
uninitialized pointer (bnc#917376).

- CVE-2014-8143: Samba 4.0.x before 4.0.24, 4.1.x before
4.1.16, and 4.2.x before 4.2rc4, when an Active
Directory Domain Controller (AD DC) is configured,
allowed remote authenticated users to set the LDB
userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and
consequently gain privileges, by leveraging delegation
of authority for user-account or computer-account
creation (bnc#914279).

Several non-security issues were fixed; please refer to the changes
file.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=914279
https://bugzilla.opensuse.org/show_bug.cgi?id=917376

Solution :

Update the affected samba packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 81561

Bugtraq ID:

CVE ID: CVE-2014-8143
CVE-2015-0240
