SUSE-SA:2004:045: samba

Critical Nessus Plugin ID 16304


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:045 (samba).

The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code.
This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine heap memory space needed to copy data.
Without these limitations a remote attacker may be able to overflow the heap memory of the process and to overwrite vital information structures which can be abused to execute arbitrary code.


Plugin Details

Severity: Critical

ID: 16304

File Name: suse_SA_2004_045.nasl

Version: $Revision: 1.7 $

Agent: unix

Published: 2005/02/03

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2004-1154