Detections
Analytics

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : samba (SSA:2008-149-01)

high Nessus Plugin ID 32455

Synopsis

The remote Slackware host is missing a security update.

Description

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue: 'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.' This flaw affects Samba versions from 3.0.0 through 3.0.29.

Solution

Update the affected samba package.

See Also

http://www.nessus.org/u?c5ad0a43

Plugin Details

Severity: High

ID: 32455

File Name: Slackware_SSA_2008-149-01.nasl

Version: 1.16

Type: local

Published: 5/29/2008

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:slackware:slackware_linux:10.1, cpe:/o:slackware:slackware_linux:11.0, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:12.0, cpe:/o:slackware:slackware_linux:10.0, cpe:/o:slackware:slackware_linux:12.1, p-cpe:/a:slackware:slackware_linux:samba

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2008

Reference Information

CVE: CVE-2008-1105

BID: 29404

CWE: 119

SSA: 2008-149-01