Test ID:	1.3.6.1.4.1.25623.1.0.53854
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 200-1 (samba)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to samba announced via advisory DSA 200-1. Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known exploit for this, but an upgrade is strongly recommended. This problem has been fixed in version 2.2.3a-12 of the Debian samba packages and upstream version 2.2.7. Solution: https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20200-1 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1318 BugTraq ID: 6210 http://www.securityfocus.com/bid/6210 Bugtraq: 20021121 GLSA: samba (Google Search) http://marc.info/?l=bugtraq&m=103801986818076&w=2 Bugtraq: 20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=103859045302448&w=2 CERT/CC vulnerability note: VU#958321 http://www.kb.cert.org/vuls/id/958321 Computer Incident Advisory Center Bulletin: N-019 http://www.ciac.org/ciac/bulletins/n-019.shtml Computer Incident Advisory Center Bulletin: N-023 http://www.ciac.org/ciac/bulletins/n-023.shtml Conectiva Linux advisory: CLA-2002:550 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550 Debian Security Information: DSA-200 (Google Search) http://www.debian.org/security/2002/dsa-200 HPdes Security Advisory: HPSBUX0212-230 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467 http://www.redhat.com/support/errata/RHSA-2002-266.html SGI Security Advisory: 20021204-01-I ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580 SuSE Security Announcement: SuSE-SA:2002:045 (Google Search) http://www.novell.com/linux/security/advisories/2002_045_samba.html XForce ISS Database: samba-password-change-bo(10683) https://exchange.xforce.ibmcloud.com/vulnerabilities/10683
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.