ID de Prueba:	1.3.6.1.4.1.25623.1.0.64603
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:196 (samba)
Resumen:	The remote host is missing an update to samba;announced via advisory MDVSA-2009:196.
Descripción:	Summary: The remote host is missing an update to samba announced via advisory MDVSA-2009:196. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in samba: Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename (CVE-2009-1886). The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory (CVE-2009-1888). This update provides samba 3.2.13 to address these issues. Affected: 2009.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1886 1022441 http://www.securitytracker.com/id?1022441 35472 http://www.securityfocus.com/bid/35472 35539 http://secunia.com/advisories/35539 35573 http://secunia.com/advisories/35573 35606 http://secunia.com/advisories/35606 36918 http://secunia.com/advisories/36918 ADV-2009-1664 http://www.vupen.com/english/advisories/2009/1664 DSA-1823 http://www.debian.org/security/2009/dsa-1823 MDVSA-2009:196 http://www.mandriva.com/security/advisories?name=MDVSA-2009:196 SSA:2009-177-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591 USN-839-1 http://www.ubuntu.com/usn/USN-839-1 http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch http://www.samba.org/samba/security/CVE-2009-1886.html https://bugzilla.samba.org/show_bug.cgi?id=6478 samba-smbclient-format-string(51328) https://exchange.xforce.ibmcloud.com/vulnerabilities/51328 Common Vulnerability Exposure (CVE) ID: CVE-2009-1888 1022442 http://www.securitytracker.com/id?1022442 20091112 rPSA-2009-0145-1 samba samba-client samba-server samba-swat http://www.securityfocus.com/archive/1/507856/100/0/threaded http://wiki.rpath.com/Advisories:rPSA-2009-0145 http://www.samba.org/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch http://www.samba.org/samba/security/CVE-2009-1888.html oval:org.mitre.oval:def:10790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10790 oval:org.mitre.oval:def:7292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7292 samba-acl-security-bypass(51327) https://exchange.xforce.ibmcloud.com/vulnerabilities/51327
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.