Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : samba (SSA:2008-149-01)

Severity: High, Nessus Plugin ID: 32455

Synopsis

The remote Slackware host is missing a security update.

Description

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue: 'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.' This flaw affects Samba versions from 3.0.0 through 3.0.29.

Solution

Update the affected samba package.

See Also

http://www.nessus.org/u?c5ad0a43

Plugin Details

Severity: High

ID: 32455

File Name: Slackware_SSA_2008-149-01.nasl

Version: 1.15

Type: local

Published: 2008/05/29

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:samba, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:10.0, cpe:/o:slackware:slackware_linux:10.1, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:11.0, cpe:/o:slackware:slackware_linux:12.0, cpe:/o:slackware:slackware_linux:12.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/05/28

Reference Information

CVE: CVE-2008-1105

BID: 29404

SSA: 2008-149-01

CWE: 119