FreeBSD : samba -- format string bug in afsacl.so VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)

high Nessus Plugin ID 24825

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Samba Team reports :

NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module.

The source defect results in the name of a file stored on disk being used as the format string in a call to snprintf(). This bug becomes exploitable only when a user is able to write to a share which utilizes Samba's afsacl.so library for setting Windows NT access control lists on files residing on an AFS file system.

Solution

Update the affected packages.

See Also

https://www.samba.org/samba/security/CVE-2007-0454.html

http://www.nessus.org/u?b4adde32

Plugin Details

Severity: High

ID: 24825

File Name: freebsd_pkg_57ae52f7b9cc11dbbf0f0013720b182d.nasl

Version: 1.13

Type: local

Published: 3/16/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ja-samba, p-cpe:/a:freebsd:freebsd:samba, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/16/2007

Vulnerability Publication Date: 2/5/2007

Reference Information

CVE: CVE-2007-0454