English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59534
Category:Fedora Local Security Checks
Title:Fedora Core 5 FEDORA-2007-506 (samba)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to samba
announced via advisory FEDORA-2007-506.

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB server that can be used to
provide network services to SMB (sometimes called Lan Manager)
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Update Information:

This release of Samba fixes some Serious security bugs:
- CVE-2007-2444
- CVE-2007-2446
- CVE-2007-2447

Official upstream announcements here:
http://www.samba.org/samba/security/CVE-2007-2444.html
http://www.samba.org/samba/security/CVE-2007-2446.html
http://www.samba.org/samba/security/CVE-2007-2447.html

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2007-506

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2444
1018049
http://www.securitytracker.com/id?1018049
102964
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
200588
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
2007-0017
http://www.trustix.org/errata/2007/0017/
20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
http://www.securityfocus.com/archive/1/468548/100/0/threaded
20070515 FLEA-2007-0017-1: samba
http://www.securityfocus.com/archive/1/468670/100/0/threaded
23974
http://www.securityfocus.com/bid/23974
25232
http://secunia.com/advisories/25232
25241
http://secunia.com/advisories/25241
25246
http://secunia.com/advisories/25246
25251
http://secunia.com/advisories/25251
25255
http://secunia.com/advisories/25255
25256
http://secunia.com/advisories/25256
25259
http://secunia.com/advisories/25259
25270
http://secunia.com/advisories/25270
25289
http://secunia.com/advisories/25289
25675
http://secunia.com/advisories/25675
25772
http://secunia.com/advisories/25772
2701
http://securityreason.com/securityalert/2701
34698
http://osvdb.org/34698
ADV-2007-1805
http://www.vupen.com/english/advisories/2007/1805
ADV-2007-2210
http://www.vupen.com/english/advisories/2007/2210
ADV-2007-2281
http://www.vupen.com/english/advisories/2007/2281
DSA-1291
http://www.debian.org/security/2007/dsa-1291
GLSA-200705-15
http://security.gentoo.org/glsa/glsa-200705-15.xml
HPSBTU02218
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
MDKSA-2007:104
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
OpenPKG-SA-2007.012
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
SSA:2007-134-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
SSRT071424
SUSE-SA:2007:031
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
USN-460-1
http://www.ubuntu.com/usn/usn-460-1
USN-460-2
http://www.ubuntu.com/usn/usn-460-2
http://www.samba.org/samba/security/CVE-2007-2444.html
https://issues.rpath.com/browse/RPL-1366
Common Vulnerability Exposure (CVE) ID: CVE-2007-2446
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 23973
http://www.securityfocus.com/bid/23973
BugTraq ID: 24195
http://www.securityfocus.com/bid/24195
BugTraq ID: 24196
http://www.securityfocus.com/bid/24196
BugTraq ID: 24197
http://www.securityfocus.com/bid/24197
BugTraq ID: 24198
http://www.securityfocus.com/bid/24198
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution (Google Search)
http://www.securityfocus.com/archive/1/468542/100/0/threaded
Bugtraq: 20070515 FLEA-2007-0017-1: samba (Google Search)
Bugtraq: 20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468674/100/0/threaded
Bugtraq: 20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468675/100/0/threaded
Bugtraq: 20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468673/100/0/threaded
Bugtraq: 20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468672/100/0/threaded
Bugtraq: 20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468680/100/0/threaded
CERT/CC vulnerability note: VU#773720
http://www.kb.cert.org/vuls/id/773720
Debian Security Information: DSA-1291 (Google Search)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
HPdes Security Advisory: HPSBTU02218
HPdes Security Advisory: HPSBUX02218
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
HPdes Security Advisory: SSRT071424
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
http://osvdb.org/34699
http://osvdb.org/34731
http://www.osvdb.org/34732
http://osvdb.org/34733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415
http://www.redhat.com/support/errata/RHSA-2007-0354.html
http://www.securitytracker.com/id?1018050
http://secunia.com/advisories/25257
http://secunia.com/advisories/25391/
http://secunia.com/advisories/25567
http://secunia.com/advisories/26235
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://secunia.com/advisories/28292
http://securityreason.com/securityalert/2702
SuSE Security Announcement: SUSE-SA:2007:031 (Google Search)
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3229
http://www.vupen.com/english/advisories/2008/0050
XForce ISS Database: samba-lsaioprivilegeset-bo(34309)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34309
XForce ISS Database: samba-lsaiotransnames-bo(34316)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34316
XForce ISS Database: samba-netdfsiodfsenuminfod-bo(34311)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34311
XForce ISS Database: samba-secioacl-bo(34314)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34314
XForce ISS Database: samba-smbionotifyoptiontypedata-bo(34312)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34312
Common Vulnerability Exposure (CVE) ID: CVE-2007-2447
BugTraq ID: 23972
http://www.securityfocus.com/bid/23972
Bugtraq: 20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468565/100/0/threaded
CERT/CC vulnerability note: VU#268336
http://www.kb.cert.org/vuls/id/268336
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://www.osvdb.org/34700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
http://www.securitytracker.com/id?1018051
http://secunia.com/advisories/26083
http://securityreason.com/securityalert/2700
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-0452
1017587
http://securitytracker.com/id?1017587
2007-0007
http://www.trustix.org/errata/2007/0007
20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d
http://www.securityfocus.com/archive/1/459167/100/0/threaded
20070207 rPSA-2007-0026-1 samba samba-swat
http://www.securityfocus.com/archive/1/459365/100/0/threaded
2219
http://securityreason.com/securityalert/2219
22395
http://www.securityfocus.com/bid/22395
24021
http://secunia.com/advisories/24021
24030
http://secunia.com/advisories/24030
24046
http://secunia.com/advisories/24046
24060
http://secunia.com/advisories/24060
24067
http://secunia.com/advisories/24067
24076
http://secunia.com/advisories/24076
24101
http://secunia.com/advisories/24101
24140
http://secunia.com/advisories/24140
24145
http://secunia.com/advisories/24145
24151
http://secunia.com/advisories/24151
24188
http://secunia.com/advisories/24188
24284
http://secunia.com/advisories/24284
24792
http://secunia.com/advisories/24792
33100
http://osvdb.org/33100
ADV-2007-0483
http://www.vupen.com/english/advisories/2007/0483
ADV-2007-1278
http://www.vupen.com/english/advisories/2007/1278
DSA-1257
http://www.debian.org/security/2007/dsa-1257
FEDORA-2007-219
http://fedoranews.org/cms/node/2579
FEDORA-2007-220
http://fedoranews.org/cms/node/2580
GLSA-200702-01
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
HPSBUX02204
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462
MDKSA-2007:034
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
RHSA-2007:0060
http://www.redhat.com/support/errata/RHSA-2007-0060.html
RHSA-2007:0061
http://www.redhat.com/support/errata/RHSA-2007-0061.html
SSA:2007-038-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
SSRT071341
SUSE-SA:2007:016
http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html
USN-419-1
http://www.ubuntu.com/usn/usn-419-1
http://us1.samba.org/samba/security/CVE-2007-0452.html
https://issues.rpath.com/browse/RPL-1005
oval:org.mitre.oval:def:9758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9758
samba-smbd-filerename-dos(32301)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32301
Common Vulnerability Exposure (CVE) ID: CVE-2006-3403
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BugTraq ID: 18927
http://www.securityfocus.com/bid/18927
Bugtraq: 20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd (Google Search)
http://www.securityfocus.com/archive/1/439875/100/0/threaded
Bugtraq: 20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd (Google Search)
http://www.securityfocus.com/archive/1/439757/100/0/threaded
Bugtraq: 20060711 rPSA-2006-0128-1 samba samba-swat (Google Search)
http://www.securityfocus.com/archive/1/439880/100/100/threaded
Bugtraq: 20060720 Samba Internal Data Structures DOS Vulnerability Exploit (Google Search)
http://www.securityfocus.com/archive/1/440767/100/0/threaded
Bugtraq: 20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit (Google Search)
http://www.securityfocus.com/archive/1/440836/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
http://www.securityfocus.com/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451426/100/200/threaded
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#313836
http://www.kb.cert.org/vuls/id/313836
Debian Security Information: DSA-1110 (Google Search)
http://www.debian.org/security/2006/dsa-1110
http://security.gentoo.org/glsa/glsa-200607-10.xml
HPdes Security Advisory: HPSBUX02155
http://www.securityfocus.com/archive/1/448957/100/0/threaded
HPdes Security Advisory: SSRT061235
http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11355
http://www.redhat.com/support/errata/RHSA-2006-0591.html
http://securitytracker.com/id?1016459
http://secunia.com/advisories/20980
http://secunia.com/advisories/20983
http://secunia.com/advisories/21018
http://secunia.com/advisories/21019
http://secunia.com/advisories/21046
http://secunia.com/advisories/21086
http://secunia.com/advisories/21143
http://secunia.com/advisories/21159
http://secunia.com/advisories/21187
http://secunia.com/advisories/21190
http://secunia.com/advisories/21262
http://secunia.com/advisories/22875
http://secunia.com/advisories/23155
SGI Security Advisory: 20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
SuSE Security Announcement: SUSE-SR:2006:017 (Google Search)
http://www.novell.com/linux/security/advisories/2006_17_sr.html
http://www.ubuntu.com/usn/usn-314-1
http://www.vupen.com/english/advisories/2006/2745
http://www.vupen.com/english/advisories/2006/4502
http://www.vupen.com/english/advisories/2006/4750
XForce ISS Database: samba-smbd-connection-dos(27648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27648
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.