Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.51147 |
Kategorie: | Red Hat Local Security Checks |
Titel: | RedHat Security Advisory RHSA-2004:498 |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing updates announced in advisory RHSA-2004:498. Samba provides file and printer sharing services to SMB/CIFS clients. Karol Wiesek discovered an input validation issue in Samba prior to 3.0.6. An authenticated user could send a carefully crafted request to the Samba server, which would allow access to files outside of the configured file share. Note: Such files would have to be readable by the account used for the connection. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0815 to this issue. This issue does not affect Red Hat Enterprise Linux 3 as a previous erratum updated to Samba 3.0.6 which is not vulnerable to this issue. Users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-2.2.12, which is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-498.html Risk factor : High CVSS Score: 7.5 |
Querverweis: |
BugTraq ID: 11281 Common Vulnerability Exposure (CVE) ID: CVE-2004-0815 http://www.securityfocus.com/bid/11281 Bugtraq: 20040930 Samba Security Announcement -- Potential Arbitrary File Access (Google Search) http://marc.info/?l=bugtraq&m=109655827913457&w=2 Bugtraq: 20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815) (Google Search) http://www.securityfocus.com/archive/1/377618 Conectiva Linux advisory: CLA-2004:873 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 Debian Security Information: DSA-600 (Google Search) http://www.debian.org/security/2004/dsa-600 https://bugzilla.fedora.us/show_bug.cgi?id=2102 http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104 http://www.redhat.com/support/errata/RHSA-2004-498.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1 SuSE Security Announcement: SUSE-SA:2004:035 (Google Search) http://www.novell.com/linux/security/advisories/2004_35_samba.html http://www.trustix.org/errata/2004/0051/ XForce ISS Database: samba-file-access(17556) https://exchange.xforce.ibmcloud.com/vulnerabilities/17556 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |