SuSE9 Security Update : Samba (YOU Patch Number 12165)
High Nessus Plugin ID 41214
SynopsisThe remote SuSE 9 host is missing a security-related patch.
DescriptionSamba has been updated to fix a security problem :
- Secunia research discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. (CVE-2008-1105)
The vulnerability is caused due to a boundary error within the 'receive_smb_raw()' function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context.
SolutionApply YOU patch number 12165.