Mandriva Linux Security Advisory : samba (MDVSA-2010:119)

high Nessus Plugin ID 47042

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A vulnerability has been discovered and corrected in samba :

Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code (CVE-2010-2063).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90

The updated packages have been patched to correct this issue.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 47042

File Name: mandriva_MDVSA-2010-119.nasl

Version: 1.17

Type: local

Published: 6/18/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64netapi-devel, p-cpe:/a:mandriva:linux:lib64netapi0, p-cpe:/a:mandriva:linux:lib64smbclient0, p-cpe:/a:mandriva:linux:lib64smbclient0-devel, p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel, p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel, p-cpe:/a:mandriva:linux:lib64smbsharemodes0, p-cpe:/a:mandriva:linux:lib64talloc-devel, p-cpe:/a:mandriva:linux:lib64talloc1, p-cpe:/a:mandriva:linux:lib64tdb-devel, p-cpe:/a:mandriva:linux:lib64tdb1, p-cpe:/a:mandriva:linux:lib64wbclient-devel, p-cpe:/a:mandriva:linux:lib64wbclient0, p-cpe:/a:mandriva:linux:libnetapi-devel, p-cpe:/a:mandriva:linux:libnetapi0, p-cpe:/a:mandriva:linux:libsmbclient0, p-cpe:/a:mandriva:linux:libsmbclient0-devel, p-cpe:/a:mandriva:linux:libsmbclient0-static-devel, p-cpe:/a:mandriva:linux:libsmbsharemodes-devel, p-cpe:/a:mandriva:linux:libsmbsharemodes0, p-cpe:/a:mandriva:linux:libtalloc-devel, p-cpe:/a:mandriva:linux:libtalloc1, p-cpe:/a:mandriva:linux:libtdb-devel, p-cpe:/a:mandriva:linux:libtdb1, p-cpe:/a:mandriva:linux:libwbclient-devel, p-cpe:/a:mandriva:linux:libwbclient0, p-cpe:/a:mandriva:linux:mount-cifs, p-cpe:/a:mandriva:linux:nss_wins, p-cpe:/a:mandriva:linux:samba-client, p-cpe:/a:mandriva:linux:samba-common, p-cpe:/a:mandriva:linux:samba-doc, p-cpe:/a:mandriva:linux:samba-server, p-cpe:/a:mandriva:linux:samba-swat, p-cpe:/a:mandriva:linux:samba-vscan-icap, p-cpe:/a:mandriva:linux:samba-winbind, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2010

Exploitable With

Metasploit (Samba chain_reply Memory Corruption (Linux x86))

Reference Information

CVE: CVE-2010-2063

BID: 40884

MDVSA: 2010:119