openSUSE Security Update : samba (openSUSE-SU-2012:0583-1)

medium Nessus Plugin ID 74613

Synopsis

The remote openSUSE host is missing a security update.

Description

- docs-xml: fix default name resolve order; (bso#7564).

- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).

- docs: remove whitespace in example samba.ldif;
(bso#8789).

- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845).

- s3-docs: Prepend '/' to filename argument; (bso#8826).

- Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576).

Solution

Update the affected samba packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=757576

https://bugzilla.samba.org/show_bug.cgi?id=7564

https://bugzilla.samba.org/show_bug.cgi?id=8789

https://bugzilla.samba.org/show_bug.cgi?id=8826

https://bugzilla.samba.org/show_bug.cgi?id=8836

https://bugzilla.samba.org/show_bug.cgi?id=8845

https://lists.opensuse.org/opensuse-updates/2012-05/msg00003.html

Plugin Details

Severity: Medium

ID: 74613

File Name: openSUSE-2012-258.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, cpe:/o:novell:opensuse:12.1, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:samba-krb-printing, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-devel, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:ldapsmb

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 5/2/2012

Vulnerability Publication Date: 4/30/2012

Reference Information

CVE: CVE-2012-2111