Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0515.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0515-1)
Summary: The remote host is missing an update for the 'Samba' package(s) announced via the SUSE-SU-2012:0515-1 advisory.
Description:

Vulnerability Insight:
The following issues have been fixed in Samba:

* CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size
* CVE-2012-0870: Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions
* CVE-2012-0817: Fix memory leak in parent smbd on connection

Also the following non-security bugs have been fixed:

* s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys, (bso#8599).
* Correctly handle DENY ACEs when privileges apply, (bso#8797).
* s3:smb2_server: fix a logic error, we should sign non guest sessions, (bso#8749).
* Allow vfs_aio_pthread to build as a static module, (bso#8723).
* s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs, (bso#8527).
* s3: segfault in dom_sid_compare(), (bso#8567).
* Honor SeTakeOwnershipPrivilege when client asks for SEC_STD_WRITE_OWNER, (bso#8768).
* s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path, (bso#8771).
* s3-winbindd: set the can_do_validation6 also for trusted domain, (bso#8599).
* Fix problem when calculating the share security mask, take privileges into account for the connecting user, (bso#8784).
* Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups, (bso#8807), (bnc#751454).
* Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY, (bso#8760), (bnc#741854).
* s3-printing: fix crash in printer_list_set_printer(), (bso#8762), (bnc#746825).
* s3:winbindd fix a return code check, (bso#8406).
* s3: Add rmdir operation to streams_depot, (bso#8733).
* s3:smbd:smb2: fix an assignment-instead-of-check bug in conn_snum_used(), (bso#8738).
* s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(), (bso#8739).
* Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES, (bso#8631), (bnc#732572).
* Remove all precompiled idl output to ensure any pidl changes take effect, (bnc#757080).

Affected Software/OS:
'Samba' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP2, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Desktop 11 SP2

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0817
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html
http://secunia.com/advisories/47763
http://secunia.com/advisories/48879
SuSE Security Announcement: SUSE-SU-2012:0502
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
SuSE Security Announcement: SUSE-SU-2012:0515
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0870
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48116
http://secunia.com/advisories/48186
http://secunia.com/advisories/48844
SuSE Security Announcement: SUSE-SU-2012:0337
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
SuSE Security Announcement: SUSE-SU-2012:0338
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
http://www.ubuntu.com/usn/USN-1374-1
XForce ISS Database: blackberry-playbook-samba-code-execution(73361)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73361
Common Vulnerability Exposure (CVE) ID: CVE-2012-1182
Debian Security Information: DSA-2450
http://www.debian.org/security/2012/dsa-2450
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html
HP Security Advisory: HPSBMU02790
http://marc.info/?l=bugtraq&m=133951282306605&w=2
HP Security Advisory: HPSBUX02789
http://marc.info/?l=bugtraq&m=134323086902585&w=2
HP Security Advisory: SSRT100824
HP Security Advisory: SSRT100872
http://www.mandriva.com/security/advisories?name=MDVSA-2012:055
http://www.securitytracker.com/id?1026913
http://secunia.com/advisories/48751
http://secunia.com/advisories/48754
http://secunia.com/advisories/48816
http://secunia.com/advisories/48818
http://secunia.com/advisories/48873
http://secunia.com/advisories/48999
SuSE Security Announcement: SUSE-SU-2012:0501
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0504
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html
http://www.ubuntu.com/usn/USN-1423-1
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
