Oracle Linux 3 / 4 / 5 : samba (ELSA-2007-1114)

high Nessus Plugin ID 67620

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2007:1114 :

Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and other information.

A stack-based buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.
(CVE-2007-6015)

Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.

This update also fixes a regression caused by the fix for CVE-2007-4572, which prevented some clients from being able to properly access shares.

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.

Solution

Update the affected samba packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2007-December/000440.html

https://oss.oracle.com/pipermail/el-errata/2007-December/000442.html

https://oss.oracle.com/pipermail/el-errata/2007-December/000444.html

Plugin Details

Severity: High

ID: 67620

File Name: oraclelinux_ELSA-2007-1114.nasl

Version: 1.12

Type: local

Agent: unix

Published: 7/12/2013

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:samba, p-cpe:/a:oracle:linux:samba-client, p-cpe:/a:oracle:linux:samba-common, p-cpe:/a:oracle:linux:samba-swat, cpe:/o:oracle:linux:3, cpe:/o:oracle:linux:4, cpe:/o:oracle:linux:5

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/11/2007

Vulnerability Publication Date: 11/16/2007

Reference Information

CVE: CVE-2007-4572, CVE-2007-6015

BID: 26791, 27163

CWE: 119

RHSA: 2007:1114