Mandriva Linux Security Advisory : samba (MDVSA-2015:082)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated samba packages fix security vulnerabilities :

In Samba before 3.6.23, the SAMR server neglects to ensure that
attempted password changes will update the bad password count, and
does not set the lockout flags. This would allow a user unlimited
attempts against the password by simply calling ChangePasswordUser2
repeatedly. This is available without any other authentication
(CVE-2013-4496).

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a
denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS ame service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a
denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).

An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).

See also :

http://advisories.mageia.org/MGASA-2014-0138.html
http://advisories.mageia.org/MGASA-2014-0279.html
http://advisories.mageia.org/MGASA-2015-0084.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82335 ()

Bugtraq ID:

CVE ID: CVE-2013-4496
CVE-2014-0178
CVE-2014-0244
CVE-2014-3493
CVE-2015-0240

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now