Test ID:	1.3.6.1.4.1.25623.1.0.50705
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2003:044 (samba)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to samba announced via advisory MDKSA-2003:044. An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0196 Bugtraq: 20030407 Immunix Secured OS 7+ samba update (Google Search) http://marc.info/?l=bugtraq&m=104974612519064&w=2 Bugtraq: 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=104973186901597&w=2 Debian Security Information: DSA-280 (Google Search) http://www.debian.org/security/2003/dsa-280 http://www.mandriva.com/security/advisories?name=MDKSA-2003:044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564 http://www.redhat.com/support/errata/RHSA-2003-137.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0201 BugTraq ID: 7294 http://www.securityfocus.com/bid/7294 Bugtraq: 20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise (Google Search) http://marc.info/?l=bugtraq&m=104972664226781&w=2 Bugtraq: 20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08 (Google Search) http://marc.info/?l=bugtraq&m=104981682014565&w=2 Bugtraq: 20030409 GLSA: samba (200304-02) (Google Search) http://marc.info/?l=bugtraq&m=104994564212488&w=2 CERT/CC vulnerability note: VU#267873 http://www.kb.cert.org/vuls/id/267873 Conectiva Linux advisory: CLA-2003:624 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624 http://www.digitaldefense.net/labs/advisories/DDI-1013.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567 SGI Security Advisory: 20030403-01-P ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P SuSE Security Announcement: SuSE-SA:2003:025 (Google Search) http://www.novell.com/linux/security/advisories/2003_025_samba.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.