Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:119 (samba)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67562

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:119 (samba)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to samba
announced via advisory MDVSA-2010:119.

A vulnerability has been discovered and corrected in samba:

Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory
corruption vulnerability. Code dealing with the chaining of SMB1
packets did not correctly validate an input field provided by the
client, making it possible for a specially crafted packet to crash
the server or potentially cause the server to execute arbitrary code
(CVE-2010-2063).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:119

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2063
1024107
http://www.securitytracker.com/id?1024107
20100616 Samba 3.3.12 Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
40145
http://secunia.com/advisories/40145
40210
http://secunia.com/advisories/40210
40221
http://secunia.com/advisories/40221
40293
http://secunia.com/advisories/40293
40884
http://www.securityfocus.com/bid/40884
42319
http://secunia.com/advisories/42319
65518
http://osvdb.org/65518
ADV-2010-1486
http://www.vupen.com/english/advisories/2010/1486
ADV-2010-1504
http://www.vupen.com/english/advisories/2010/1504
ADV-2010-1505
http://www.vupen.com/english/advisories/2010/1505
ADV-2010-1507
http://www.vupen.com/english/advisories/2010/1507
ADV-2010-1517
http://www.vupen.com/english/advisories/2010/1517
ADV-2010-3063
http://www.vupen.com/english/advisories/2010/3063
APPLE-SA-2010-08-24-1
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
DSA-2061
http://www.debian.org/security/2010/dsa-2061
HPSBUX02609
http://marc.info/?l=bugtraq&m=129138831608422&w=2
HPSBUX02657
http://marc.info/?l=bugtraq&m=130835366526620&w=2
MDVSA-2010:119
http://www.mandriva.com/security/advisories?name=MDVSA-2010:119
RHSA-2010:0488
http://www.redhat.com/support/errata/RHSA-2010-0488.html
SSA:2010-169-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914
SSRT100147
SSRT100460
SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
USN-951-1
http://ubuntu.com/usn/usn-951-1
[samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download
http://marc.info/?l=samba-announce&m=127668712312761&w=2
http://support.apple.com/kb/HT4312
http://www.samba.org/samba/ftp/history/samba-3.3.13.html
http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch
http://www.samba.org/samba/security/CVE-2010-2063.html
oval:org.mitre.oval:def:12427
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427
oval:org.mitre.oval:def:7115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115
oval:org.mitre.oval:def:9859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859
samba-smb1-code-execution(59481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59481

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67562
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:119 (samba)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to samba announced via advisory MDVSA-2010:119. A vulnerability has been discovered and corrected in samba: Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code (CVE-2010-2063). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:119 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2063 1024107 http://www.securitytracker.com/id?1024107 20100616 Samba 3.3.12 Memory Corruption Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 40145 http://secunia.com/advisories/40145 40210 http://secunia.com/advisories/40210 40221 http://secunia.com/advisories/40221 40293 http://secunia.com/advisories/40293 40884 http://www.securityfocus.com/bid/40884 42319 http://secunia.com/advisories/42319 65518 http://osvdb.org/65518 ADV-2010-1486 http://www.vupen.com/english/advisories/2010/1486 ADV-2010-1504 http://www.vupen.com/english/advisories/2010/1504 ADV-2010-1505 http://www.vupen.com/english/advisories/2010/1505 ADV-2010-1507 http://www.vupen.com/english/advisories/2010/1507 ADV-2010-1517 http://www.vupen.com/english/advisories/2010/1517 ADV-2010-3063 http://www.vupen.com/english/advisories/2010/3063 APPLE-SA-2010-08-24-1 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html DSA-2061 http://www.debian.org/security/2010/dsa-2061 HPSBUX02609 http://marc.info/?l=bugtraq&m=129138831608422&w=2 HPSBUX02657 http://marc.info/?l=bugtraq&m=130835366526620&w=2 MDVSA-2010:119 http://www.mandriva.com/security/advisories?name=MDVSA-2010:119 RHSA-2010:0488 http://www.redhat.com/support/errata/RHSA-2010-0488.html SSA:2010-169-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914 SSRT100147 SSRT100460 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html USN-951-1 http://ubuntu.com/usn/usn-951-1 [samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download http://marc.info/?l=samba-announce&m=127668712312761&w=2 http://support.apple.com/kb/HT4312 http://www.samba.org/samba/ftp/history/samba-3.3.13.html http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch http://www.samba.org/samba/security/CVE-2010-2063.html oval:org.mitre.oval:def:12427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427 oval:org.mitre.oval:def:7115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115 oval:org.mitre.oval:def:9859 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859 samba-smb1-code-execution(59481) https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com