Test Kennung:	1.3.6.1.4.1.25623.1.0.881915
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for libsmbclient CESA-2014:0330 centos6
Zusammenfassung:	The remote host is missing an update for the 'libsmbclient'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libsmbclient' package(s) announced via the referenced advisory. Vulnerability Insight: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically. Affected Software/OS: libsmbclient on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6150 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://security.gentoo.org/glsa/glsa-201502-15.xml HPdes Security Advisory: HPSBUX03087 http://marc.info/?l=bugtraq&m=141660010015249&w=2 HPdes Security Advisory: SSRT101413 http://www.mandriva.com/security/advisories?name=MDVSA-2013:299 http://openwall.com/lists/oss-security/2013/12/03/5 https://lists.samba.org/archive/samba-technical/2012-June/084593.html https://lists.samba.org/archive/samba-technical/2013-November/096411.html RedHat Security Advisories: RHSA-2014:0330 http://rhn.redhat.com/errata/RHSA-2014-0330.html SuSE Security Announcement: SUSE-SU-2014:0024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html SuSE Security Announcement: openSUSE-SU-2013:1921 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html SuSE Security Announcement: openSUSE-SU-2014:0405 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html SuSE Security Announcement: openSUSE-SU-2016:1106 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:1107 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://www.ubuntu.com/usn/USN-2054-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-4496 BugTraq ID: 66336 http://www.securityfocus.com/bid/66336 http://www.mandriva.com/security/advisories?name=MDVSA-2015:082 SuSE Security Announcement: openSUSE-SU-2014:0404 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://www.ubuntu.com/usn/USN-2156-1
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.