
Test ID: 1.3.6.1.4.1.25623.1.0.900685
Category: Remote file access
Title: Samba Format String Vulnerability
Summary: The host has Samba installed and is prone to Security Bypass Vulnerability.
Description:
Summary:
The host has Samba installed and is prone to Security Bypass
Vulnerability.

Vulnerability Insight:
The flaw is due to an uninitialised memory access error in 'smbd' when denying
attempts to modify a restricted access control list. This can be exploited
to modify the ACL of an already writable file without required permissions.

Vulnerability Impact:
When 'dos filemode' is set to 'yes' in smb.conf, attackers can exploit this
issue to bypass certain security restrictions and compromise a user's system.

Affected Software/OS:
Samba 3.0.0 before 3.0.35 on Linux.

Samba 3.1.x on Linux.

Samba 3.2.4 before 3.2.13 on Linux.

Samba 3.3.0 before 3.3.6 on Linux.

Solution:
Upgrade to version 3.3.6 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross Reference: BugTraq ID: 35472
Common Vulnerability Exposure (CVE) ID: CVE-2009-1888
http://www.securityfocus.com/bid/35472
Bugtraq: 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Debian Security Information: DSA-1823
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
http://www.securitytracker.com/id?1022442
http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
XForce ISS Database: samba-acl-security-bypass(51327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.