English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.880722
Categoría:CentOS Local Security Checks
Título:CentOS Update for samba CESA-2009:1529 centos4 i386
Resumen:The remote host is missing an update for the 'samba'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'samba'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Samba is a suite of programs used by machines to share files, printers, and
other information.

A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system resources
by opening multiple CIFS sessions. (CVE-2009-2906)

An uninitialized data access flaw was discovered in the smbd daemon when
using the non-default 'dos filemode' configuration option in 'smb.conf'. An
authenticated, remote user with write access to a file could possibly use
this flaw to change an access control list for that file, even when such
access should have been denied. (CVE-2009-1888)

A flaw was discovered in the way Samba handled users without a home
directory set in the back-end password database (e.g. '/etc/passwd'). If a
share for the home directory of such a user was created (e.g. using the
automated '[homes]' share), any user able to access that share could see
the whole file system, possibly bypassing intended access restrictions.
(CVE-2009-2813)

The mount.cifs program printed CIFS passwords as part of its debug output
when running in verbose mode. When mount.cifs had the setuid bit set, a
local, unprivileged user could use this flaw to disclose passwords from a
file that would otherwise be inaccessible to that user. Note: mount.cifs
from the samba packages distributed by Red Hat does not have the setuid bit
set. This flaw only affected systems where the setuid bit was manually set
by an administrator. (CVE-2009-2948)

Users of Samba should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing this update,
the smb service will be restarted automatically.

Affected Software/OS:
samba on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1888
BugTraq ID: 35472
http://www.securityfocus.com/bid/35472
Bugtraq: 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat (Google Search)
http://www.securityfocus.com/archive/1/507856/100/0/threaded
Debian Security Information: DSA-1823 (Google Search)
http://www.debian.org/security/2009/dsa-1823
http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292
http://www.securitytracker.com/id?1022442
http://secunia.com/advisories/35539
http://secunia.com/advisories/35573
http://secunia.com/advisories/35606
http://secunia.com/advisories/36918
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
http://www.ubuntu.com/usn/USN-839-1
http://www.vupen.com/english/advisories/2009/1664
XForce ISS Database: samba-acl-security-bypass(51327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Common Vulnerability Exposure (CVE) ID: CVE-2009-2813
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
BugTraq ID: 36363
http://www.securityfocus.com/bid/36363
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00098.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00095.html
HPdes Security Advisory: HPSBUX02479
http://marc.info/?l=bugtraq&m=126514298313071&w=2
HPdes Security Advisory: SSRT090212
http://osvdb.org/57955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9191
http://secunia.com/advisories/36701
http://secunia.com/advisories/36893
http://secunia.com/advisories/36937
http://secunia.com/advisories/36953
http://secunia.com/advisories/37428
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561439
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021111.1-1
SuSE Security Announcement: SUSE-SR:2009:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://www.vupen.com/english/advisories/2009/2810
XForce ISS Database: macosx-smb-security-bypass(53174)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53174
Common Vulnerability Exposure (CVE) ID: CVE-2009-2906
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 36573
http://www.securityfocus.com/bid/36573
http://osvdb.org/58519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9944
http://www.securitytracker.com/id?1022976
XForce ISS Database: samba-smb-dos(53575)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53575
Common Vulnerability Exposure (CVE) ID: CVE-2009-2948
BugTraq ID: 36572
http://www.securityfocus.com/bid/36572
http://osvdb.org/58520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10434
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7087
http://www.securitytracker.com/id?1022975
XForce ISS Database: samba-mountcifs-info-disclosure(53574)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53574
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.