Test Kennung:	1.3.6.1.4.1.25623.1.0.59902
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2007:224-3 (samba)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to samba announced via advisory MDKSA-2007:224-3. The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service (CVE-2007-4572). As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges (CVE-2007-5398). Update: This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:224-3 http://qa.mandriva.com/show_bug.cgi?id=35734 Risk factor : Critical CVSS Score: 9.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4572 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html BugTraq ID: 26454 http://www.securityfocus.com/bid/26454 Bugtraq: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search) http://www.securityfocus.com/archive/1/485936/100/0/threaded Bugtraq: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search) http://www.securityfocus.com/archive/1/486859/100/0/threaded Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html Debian Security Information: DSA-1409 (Google Search) http://www.debian.org/security/2007/dsa-1409 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml HPdes Security Advisory: HPSBUX02316 http://marc.info/?l=bugtraq&m=120524782005154&w=2 HPdes Security Advisory: HPSBUX02341 http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657 HPdes Security Advisory: SSRT071495 HPdes Security Advisory: SSRT080075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:224 http://lists.vmware.com/pipermail/security-announce/2008/000002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11132 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5643 http://www.redhat.com/support/errata/RHSA-2007-1013.html http://www.redhat.com/support/errata/RHSA-2007-1016.html http://www.redhat.com/support/errata/RHSA-2007-1017.html http://securitytracker.com/id?1018954 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.com/advisories/27731 http://secunia.com/advisories/27787 http://secunia.com/advisories/27927 http://secunia.com/advisories/28136 http://secunia.com/advisories/28368 http://secunia.com/advisories/29341 http://secunia.com/advisories/30484 http://secunia.com/advisories/30736 http://secunia.com/advisories/30835 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1 SuSE Security Announcement: SUSE-SA:2007:065 (Google Search) http://www.novell.com/linux/security/advisories/2007_65_samba.html https://usn.ubuntu.com/544-1/ http://www.ubuntu.com/usn/usn-544-2 http://www.ubuntu.com/usn/usn-617-1 http://www.vupen.com/english/advisories/2007/3869 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0064 http://www.vupen.com/english/advisories/2008/0859/references http://www.vupen.com/english/advisories/2008/1712/references http://www.vupen.com/english/advisories/2008/1908 XForce ISS Database: samba-nmbd-bo(38501) https://exchange.xforce.ibmcloud.com/vulnerabilities/38501 Common Vulnerability Exposure (CVE) ID: CVE-2007-5398 BugTraq ID: 26455 http://www.securityfocus.com/bid/26455 Bugtraq: 20071115 Secunia Research: Samba "reply_netbios_packet()" Buffer OverflowVulnerability (Google Search) http://www.securityfocus.com/archive/1/483744/100/0/threaded http://secunia.com/secunia_research/2007-90/advisory/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10230 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5811 http://securitytracker.com/id?1018953 http://secunia.com/advisories/27742 http://securityreason.com/securityalert/3372 XForce ISS Database: samba-replynetbiospacket-bo(38502) https://exchange.xforce.ibmcloud.com/vulnerabilities/38502
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.