Critical Nessus Plugin ID 13795
Synopsis
The remote host is missing a vendor-supplied security patch.

Description
The remote host is missing a security patch for samba. It is, therefore, affected by a buffer overflow condition in the call_trans2open() function within file trans2.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via an overly long string passed to the pname variable, to execute arbitrary code with the privileges of the server.

Solution
Update the affected samba and samba-client packages according to the SUSE-SA:2003:025 security announcement.