Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59346
Category:Fedora Local Security Checks
Title:Fedora Core 4 FEDORA-2006-808 (samba)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to samba
announced via advisory FEDORA-2006-808.


Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB server that can be used to
provide network services to SMB (sometimes called Lan Manager)
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.


* Wed Jul 12 2006 Jay Fenlason 3.0.23-1.fc4
- Update to 3.0.23 to close
bz#197836 CVE-2006-3403 Samba denial of service
- include related spec file, filter-requires-samba.sh and patch changes
from rawhide. -winbind, and -access patches are obsolete.
- include the fixed smb.init file from rawhide, closing
bz#182560 Wrong retval for initscript when smbd is dead
* Mon Oct 10 2005 Jay Fenlason
- Upgrade to 3.0.20a, which includes all the previous upstream patches.
- Include the -winbind patch from Jeremy Allison to fix
a problem with winbind crashing.
- Include the -access patch from Jeremy Allison to fix
a problem with MS Access lock files.
- Updated the -warnings patch for 3.0.20a.
- Include --with-shared-modules=idmap_ad,idmap_rid to close
bz#156810 ? --with-shared-modules=idmap_ad,idmap_rid
- Include the new samba.pamd from Tomas Mraz (tmraz@redhat.com) to close
bz#170259 ? pam_stack is deprecated
* Mon Aug 22 2005 Jay Fenlason
- New upstream release
Includes five upstream patches -bug3010_v1, -groupname_enumeration_v3,
-regcreatekey_winxp_v1, -usrmgr_groups_v1, and -winbindd_v1
This obsoletes the -pie and -delim patches
the -warning and -gcc4 patches are obsolete too
The -man, -passwd, and -smbspool patches were updated to match 3.0.20pre1
Also, the -quoting patch was implemented differently upstream
There is now a umount.cifs executable and manpage
We run autogen.sh as part of the build phase
The testprns command is now gone
libsmbclient now has a man page
- Include -bug106483 patch to close
bz#106483 smbclient: -N negates the provided password, despite documentation
- Added the -warnings patch to quiet some compiler warnings.
- Removed many obsolete patches from CVS.

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2006-808

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3403
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 18927
http://www.securityfocus.com/bid/18927
Bugtraq: 20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd (Google Search)
http://www.securityfocus.com/archive/1/439875/100/0/threaded
Bugtraq: 20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd (Google Search)
http://www.securityfocus.com/archive/1/439757/100/0/threaded
Bugtraq: 20060711 rPSA-2006-0128-1 samba samba-swat (Google Search)
http://www.securityfocus.com/archive/1/439880/100/100/threaded
Bugtraq: 20060720 Samba Internal Data Structures DOS Vulnerability Exploit (Google Search)
http://www.securityfocus.com/archive/1/440767/100/0/threaded
Bugtraq: 20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit (Google Search)
http://www.securityfocus.com/archive/1/440836/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
http://www.securityfocus.com/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451426/100/200/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#313836
http://www.kb.cert.org/vuls/id/313836
Debian Security Information: DSA-1110 (Google Search)
http://www.debian.org/security/2006/dsa-1110
http://security.gentoo.org/glsa/glsa-200607-10.xml
HPdes Security Advisory: HPSBUX02155
http://www.securityfocus.com/archive/1/448957/100/0/threaded
HPdes Security Advisory: SSRT061235
http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355
http://www.redhat.com/support/errata/RHSA-2006-0591.html
http://securitytracker.com/id?1016459
http://secunia.com/advisories/20980
http://secunia.com/advisories/20983
http://secunia.com/advisories/21018
http://secunia.com/advisories/21019
http://secunia.com/advisories/21046
http://secunia.com/advisories/21086
http://secunia.com/advisories/21143
http://secunia.com/advisories/21159
http://secunia.com/advisories/21187
http://secunia.com/advisories/21190
http://secunia.com/advisories/21262
http://secunia.com/advisories/22875
http://secunia.com/advisories/23155
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
SuSE Security Announcement: SUSE-SR:2006:017 (Google Search)
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.ubuntu.com/usn/usn-314-1
http://www.vupen.com/english/advisories/2006/2745
http://www.vupen.com/english/advisories/2006/4502
http://www.vupen.com/english/advisories/2006/4750
XForce ISS Database: samba-smbd-connection-dos(27648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27648
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.