Detections
Analytics
Debian DSA-2966-1 : samba - security update
low Nessus Plugin ID 76194
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server :- CVE-2014-0178 Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled.
- CVE-2014-0244 Denial of service (infinite CPU loop) in the nmbd Netbios name service daemon. A malformed packet can cause the nmbd server to enter an infinite loop, preventing it to process later requests to the Netbios name service.
- CVE-2014-3493 Denial of service (daemon crash) in the smbd file server daemon. An authenticated user attempting to read a Unicode path using a non-Unicode request can force the daemon to overwrite memory at an invalid address.
Solution
Upgrade the samba packages.For the stable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u4.
See Also
https://security-tracker.debian.org/tracker/CVE-2014-0178
https://security-tracker.debian.org/tracker/CVE-2014-0244
https://security-tracker.debian.org/tracker/CVE-2014-3493
Plugin Details
Severity: Low
ID: 76194
File Name: debian_DSA-2966.nasl
Version: 1.11
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 6/24/2014
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 3
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:samba, cpe:/o:debian:debian_linux:7.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 6/23/2014
Reference Information
CVE: CVE-2014-0178, CVE-2014-0244, CVE-2014-3493
DSA: 2966