Mandrake Local Security Checks : Mandriva Update for samba MDVSA-2011:121 (samba)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831433

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for samba MDVSA-2011:121 (samba)

Resumen: The remote host is missing an update for the 'samba'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'samba'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities has been discovered and corrected in samba:

All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By
tricking a user who is authenticated with SWAT into clicking a
manipulated URL on a different web page, it is possible to manipulate
SWAT (CVE-2011-2522).

All current released versions of Samba are vulnerable to a cross-site
scripting issue in the Samba Web Administration Tool (SWAT). On the
Change Password field, it is possible to insert arbitrary content
into the user field (CVE-2011-2694).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct these issues.

Affected Software/OS:
samba on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2522
BugTraq ID: 48899
http://www.securityfocus.com/bid/48899
Debian Security Information: DSA-2290 (Google Search)
http://www.debian.org/security/2011/dsa-2290
http://www.exploit-db.com/exploits/17577
HPdes Security Advisory: HPSBNS02701
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
HPdes Security Advisory: HPSBUX02768
http://marc.info/?l=bugtraq&m=133527864025056&w=2
HPdes Security Advisory: SSRT100598
HPdes Security Advisory: SSRT100664
http://jvn.jp/en/jp/JVN29529126/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://osvdb.org/74071
http://securitytracker.com/id?1025852
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securityreason.com/securityalert/8317
http://ubuntu.com/usn/usn-1182-1
XForce ISS Database: samba-swat-csrf(68843)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
Common Vulnerability Exposure (CVE) ID: CVE-2011-2694
BugTraq ID: 48901
http://www.securityfocus.com/bid/48901
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
XForce ISS Database: samba-user-xss(68844)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831433
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for samba MDVSA-2011:121 (samba)
Resumen:	The remote host is missing an update for the 'samba'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'samba' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been discovered and corrected in samba: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT (CVE-2011-2522). All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the Change Password field, it is possible to insert arbitrary content into the user field (CVE-2011-2694). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues. Affected Software/OS: samba on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2522 BugTraq ID: 48899 http://www.securityfocus.com/bid/48899 Debian Security Information: DSA-2290 (Google Search) http://www.debian.org/security/2011/dsa-2290 http://www.exploit-db.com/exploits/17577 HPdes Security Advisory: HPSBNS02701 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 HPdes Security Advisory: HPSBUX02768 http://marc.info/?l=bugtraq&m=133527864025056&w=2 HPdes Security Advisory: SSRT100598 HPdes Security Advisory: SSRT100664 http://jvn.jp/en/jp/JVN29529126/index.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:121 http://osvdb.org/74071 http://securitytracker.com/id?1025852 http://secunia.com/advisories/45393 http://secunia.com/advisories/45488 http://secunia.com/advisories/45496 http://securityreason.com/securityalert/8317 http://ubuntu.com/usn/usn-1182-1 XForce ISS Database: samba-swat-csrf(68843) https://exchange.xforce.ibmcloud.com/vulnerabilities/68843 Common Vulnerability Exposure (CVE) ID: CVE-2011-2694 BugTraq ID: 48901 http://www.securityfocus.com/bid/48901 http://jvn.jp/en/jp/JVN63041502/index.html http://osvdb.org/74072 XForce ISS Database: samba-user-xss(68844) https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
Copyright	Copyright (c) 2011 Greenbone Networks GmbH