English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.851279
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for samba (openSUSE-SU-2016:1064-1)
Zusammenfassung:The remote host is missing an update for the 'samba'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'samba'
package(s) announced via the referenced advisory.

Vulnerability Insight:
samba was updated to version 4.2.4 to fix 14 security issues.

These security issues were fixed:

- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).

- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).

- CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).

- CVE-2016-2112: LDAP connenctions were vulnerable to downgrade and MITM
attack (bsc#973033).

- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).

- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
(bsc#973036).

- CVE-2016-2118:'Badlock' DCERPC impersonation of authenticated account
were possible (bsc#971965).

- CVE-2015-3223: Malicious request can cause Samba LDAP server to hang,
spinning using CPU (boo#958581).

- CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).

- CVE-2015-5252: Insufficient symlink verification (file access outside
the share)(boo#958582).

- CVE-2015-5296: No man in the middle protection when forcing smb
encryption on the client side (boo#958584).

- CVE-2015-5299: Currently the snapshot browsing is not secure through
windows previous version (shadow_copy2) (boo#958583).

- CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from
being changed into user accounts (boo#958585).

- CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change
permissions on link target (boo#968222).

These non-security issues were fixed:

- Fix samba.tests.messaging test and prevent potential tdb corruption by
removing obsolete now invalid tdb_close call (boo#974629).

- Align fsrvp feature sources with upstream version.

- Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel
from samba-core-devel (boo#973832).

- s3:utils/smbget: Fix recursive download (bso#6482).

- s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support (bso#10489).

- docs: Add example for domain logins to smbspool man page (bso#11643).

- s3-client: Add a KRB5 wrapper for smbspool (bso#11690).

- loadparm: Fix memory leak issue (bso#11708).

- lib/tsocket: Work around sockets not supporting FIONREAD (bso#11714).

- ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'
(bso#11719).

- s3:smbd:open: Skip redundant call to file_set_dosmode when creating a
new file (bso#11727).

- param: Fix str_list_v3 to accept ' ' again (bso#11732).

- Real memory leak(buildup) issue in loadparm (bso#11740).

- Obsolete libsmbclient from libsmbcl ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
samba on openSUSE 13.2

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-8143
BugTraq ID: 72278
http://www.securityfocus.com/bid/72278
http://www.securitytracker.com/id/1031615
http://secunia.com/advisories/62594
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
SuSE Security Announcement: openSUSE-SU-2015:0375 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:1064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.ubuntu.com/usn/USN-2481-1
XForce ISS Database: samba-cve20148143-priv-esc(100596)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
Common Vulnerability Exposure (CVE) ID: CVE-2015-0240
BugTraq ID: 72711
http://www.securityfocus.com/bid/72711
Debian Security Information: DSA-3171 (Google Search)
http://www.debian.org/security/2015/dsa-3171
https://www.exploit-db.com/exploits/36741/
http://security.gentoo.org/glsa/glsa-201502-15.xml
HPdes Security Advisory: HPSBGN03288
http://marc.info/?l=bugtraq&m=142722696102151&w=2
HPdes Security Advisory: HPSBUX03320
http://marc.info/?l=bugtraq&m=143039217203031&w=2
HPdes Security Advisory: SSRT101952
HPdes Security Advisory: SSRT101979
http://www.mandriva.com/security/advisories?name=MDVSA-2015:081
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
RedHat Security Advisories: RHSA-2015:0249
http://rhn.redhat.com/errata/RHSA-2015-0249.html
RedHat Security Advisories: RHSA-2015:0250
http://rhn.redhat.com/errata/RHSA-2015-0250.html
RedHat Security Advisories: RHSA-2015:0251
http://rhn.redhat.com/errata/RHSA-2015-0251.html
RedHat Security Advisories: RHSA-2015:0252
http://rhn.redhat.com/errata/RHSA-2015-0252.html
RedHat Security Advisories: RHSA-2015:0253
http://rhn.redhat.com/errata/RHSA-2015-0253.html
RedHat Security Advisories: RHSA-2015:0254
http://rhn.redhat.com/errata/RHSA-2015-0254.html
RedHat Security Advisories: RHSA-2015:0255
http://rhn.redhat.com/errata/RHSA-2015-0255.html
RedHat Security Advisories: RHSA-2015:0256
http://rhn.redhat.com/errata/RHSA-2015-0256.html
RedHat Security Advisories: RHSA-2015:0257
http://rhn.redhat.com/errata/RHSA-2015-0257.html
http://www.securitytracker.com/id/1031783
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360345
SuSE Security Announcement: SUSE-SU-2015:0353 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00028.html
SuSE Security Announcement: SUSE-SU-2015:0371 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00030.html
SuSE Security Announcement: SUSE-SU-2015:0386 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00035.html
SuSE Security Announcement: openSUSE-SU-2016:1106 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:1107 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.ubuntu.com/usn/USN-2508-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3223
BugTraq ID: 79731
http://www.securityfocus.com/bid/79731
Debian Security Information: DSA-3433 (Google Search)
http://www.debian.org/security/2016/dsa-3433
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://security.gentoo.org/glsa/201612-47
http://www.securitytracker.com/id/1034493
SuSE Security Announcement: SUSE-SU-2015:2304 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
SuSE Security Announcement: SUSE-SU-2015:2305 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:2354 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
SuSE Security Announcement: openSUSE-SU-2015:2356 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://www.ubuntu.com/usn/USN-2856-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5252
BugTraq ID: 79733
http://www.securityfocus.com/bid/79733
SuSE Security Announcement: SUSE-SU-2016:0032 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0164 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:1105 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5296
BugTraq ID: 79732
http://www.securityfocus.com/bid/79732
Common Vulnerability Exposure (CVE) ID: CVE-2015-5299
BugTraq ID: 79729
http://www.securityfocus.com/bid/79729
Common Vulnerability Exposure (CVE) ID: CVE-2015-5330
BugTraq ID: 79734
http://www.securityfocus.com/bid/79734
Common Vulnerability Exposure (CVE) ID: CVE-2015-5370
Debian Security Information: DSA-3548 (Google Search)
http://www.debian.org/security/2016/dsa-3548
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://badlock.org/
RedHat Security Advisories: RHSA-2016:0611
http://rhn.redhat.com/errata/RHSA-2016-0611.html
RedHat Security Advisories: RHSA-2016:0612
http://rhn.redhat.com/errata/RHSA-2016-0612.html
RedHat Security Advisories: RHSA-2016:0613
http://rhn.redhat.com/errata/RHSA-2016-0613.html
RedHat Security Advisories: RHSA-2016:0614
http://rhn.redhat.com/errata/RHSA-2016-0614.html
RedHat Security Advisories: RHSA-2016:0618
http://rhn.redhat.com/errata/RHSA-2016-0618.html
RedHat Security Advisories: RHSA-2016:0619
http://rhn.redhat.com/errata/RHSA-2016-0619.html
RedHat Security Advisories: RHSA-2016:0620
http://rhn.redhat.com/errata/RHSA-2016-0620.html
RedHat Security Advisories: RHSA-2016:0624
http://rhn.redhat.com/errata/RHSA-2016-0624.html
http://www.securitytracker.com/id/1035533
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
SuSE Security Announcement: SUSE-SU-2016:1022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:1024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:1028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
SuSE Security Announcement: openSUSE-SU-2016:1025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
http://www.ubuntu.com/usn/USN-2950-1
http://www.ubuntu.com/usn/USN-2950-2
http://www.ubuntu.com/usn/USN-2950-3
http://www.ubuntu.com/usn/USN-2950-4
http://www.ubuntu.com/usn/USN-2950-5
Common Vulnerability Exposure (CVE) ID: CVE-2015-7560
BugTraq ID: 84267
http://www.securityfocus.com/bid/84267
Debian Security Information: DSA-3514 (Google Search)
http://www.debian.org/security/2016/dsa-3514
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html
http://www.securitytracker.com/id/1035220
SuSE Security Announcement: SUSE-SU-2016:0814 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html
SuSE Security Announcement: SUSE-SU-2016:0816 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html
SuSE Security Announcement: SUSE-SU-2016:0837 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html
SuSE Security Announcement: SUSE-SU-2016:0905 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html
SuSE Security Announcement: openSUSE-SU-2016:0813 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
SuSE Security Announcement: openSUSE-SU-2016:0877 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html
http://www.ubuntu.com/usn/USN-2922-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8467
BugTraq ID: 79735
http://www.securityfocus.com/bid/79735
Common Vulnerability Exposure (CVE) ID: CVE-2016-2110
RedHat Security Advisories: RHSA-2016:0621
http://rhn.redhat.com/errata/RHSA-2016-0621.html
RedHat Security Advisories: RHSA-2016:0623
http://rhn.redhat.com/errata/RHSA-2016-0623.html
RedHat Security Advisories: RHSA-2016:0625
http://rhn.redhat.com/errata/RHSA-2016-0625.html
SuSE Security Announcement: openSUSE-SU-2016:1440 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00124.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2111
Common Vulnerability Exposure (CVE) ID: CVE-2016-2112
Common Vulnerability Exposure (CVE) ID: CVE-2016-2113
Common Vulnerability Exposure (CVE) ID: CVE-2016-2115
Common Vulnerability Exposure (CVE) ID: CVE-2016-2118
BugTraq ID: 86002
http://www.securityfocus.com/bid/86002
CERT/CC vulnerability note: VU#813296
https://www.kb.cert.org/vuls/id/813296
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.