Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.54173 |
Kategorie: | SuSE Local Security Checks |
Titel: | SuSE Security Advisory SUSE-SA:2001:021 (samba) |
Zusammenfassung: | NOSUMMARY |
Beschreibung: | Description: The remote host is missing updates announced in advisory SUSE-SA:2001:021. Michal Zalewski discovered that a remote attacker can write to files owned by root if the samba config file /etc/smb.conf contains the %m macro to specify the logfile for logging access to the samba server. The %m macro substitutes the NetBIOS name - improper validation of this name allows an attacker to write to any file in the system. SuSE Linux distributions do not ship a default /etc/smb.conf config file that contains the %m macro. Therefore, SuSE distributions are not vulnerable to the bug in the out-of-the-box state. In addition to the remotely exploitable bug, there exists another vulnerability which is fixed with the update packages we provide below: temporary files are being handled insecurely so that an attacker with local access to the system can increase her privileges. This error was discovered by Marcus Meissner, Caldera. This specific problem has been fixed with the release of the samba-2.0.9 version. samba release version 2.0.8 intended to correct this local problem, but due to an error, 2.0.9 contained the complete fix. Only the 2.0.10 version as offered for the SuSE Linux distributions 6.3, 6.4, 7.0 and 7.1 fixes all known problems in the samba package. For the recently released SuSE-7.2 distribution we provide an update package to the version 2.2.0a. We thank Martin Walter, CC university of Freiburg, for his helpful contribution in debugging the Large File Support (LSF) of the 7.1 package. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2001:021 Risk factor : High |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |