SuSE 10 Security Update : Samba (ZYPP Patch Number 5292)
High Nessus Plugin ID 33099
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionSamba has been updated to fix a security problem :
- Secunia research discovered vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. (CVE-2008-1105)
The vulnerability is caused due to a boundary error within the 'receive_smb_raw()' function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context.
SolutionApply ZYPP patch number 5292.