Mandriva Linux Security Advisory : samba (MDVSA-2014:136)

low Nessus Plugin ID 76480

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated samba packages fix security vulnerabilities :

Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493).

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0279.html

Plugin Details

Severity: Low

ID: 76480

File Name: mandriva_MDVSA-2014-136.nasl

Version: 1.7

Type: local

Published: 7/14/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64netapi0, p-cpe:/a:mandriva:linux:samba-virusfilter-sophos, p-cpe:/a:mandriva:linux:samba-winbind, p-cpe:/a:mandriva:linux:samba-virusfilter-clamav, p-cpe:/a:mandriva:linux:samba-virusfilter-fsecure, p-cpe:/a:mandriva:linux:samba-swat, p-cpe:/a:mandriva:linux:samba-domainjoin-gui, p-cpe:/a:mandriva:linux:samba-doc, p-cpe:/a:mandriva:linux:nss_wins, cpe:/o:mandriva:business_server:1, p-cpe:/a:mandriva:linux:lib64smbsharemodes0, p-cpe:/a:mandriva:linux:lib64netapi-devel, p-cpe:/a:mandriva:linux:lib64smbclient0-devel, p-cpe:/a:mandriva:linux:lib64wbclient-devel, p-cpe:/a:mandriva:linux:lib64wbclient0, p-cpe:/a:mandriva:linux:samba-server, p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel, p-cpe:/a:mandriva:linux:samba-client, p-cpe:/a:mandriva:linux:samba-common, p-cpe:/a:mandriva:linux:lib64smbsharemodes-devel, p-cpe:/a:mandriva:linux:lib64smbclient0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/11/2014

Reference Information

CVE: CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

BID: 67686, 68148, 68150

MDVSA: 2014:136