SuSE 11.3 Security Update : Samba (SAT Patch Number 10321)

critical Nessus Plugin ID 81508

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Samba has been updated to fix one security issue :

- Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed :. (CVE-2015-0240)

- Realign the winbind request structure following require_membership_of field expansion. (bnc#913001)

- Reuse connections derived from DFS referrals (bso#10123, fate#316512).

- Set domain/workgroup based on authentication callback value (bso#11059).

- Fix spoolss error response marshalling (bso#10984).

- Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031).

- Fix handling of bad EnumJobs levels (bso#10898).

- Fix small memory-leak in the background print process;.
(bnc#899558)

- Prune idle or hung connections older than 'winbind request timeout' (bso#3204, bnc#872912).

Solution

Apply SAT patch number 10321.

Plugin Details

Severity: Critical

ID: 81508

File Name: suse_11_samba-20150217-150217.nasl

Version: 1.6

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/25/2015

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:libtdb1-32bit, p-cpe:/a:novell:suse_linux:11:libtevent0, p-cpe:/a:novell:suse_linux:11:libtalloc2-32bit, p-cpe:/a:novell:suse_linux:11:samba-winbind, p-cpe:/a:novell:suse_linux:11:samba-client, p-cpe:/a:novell:suse_linux:11:samba-doc, p-cpe:/a:novell:suse_linux:11:libtdb1, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit, p-cpe:/a:novell:suse_linux:11:samba, p-cpe:/a:novell:suse_linux:11:libwbclient0, p-cpe:/a:novell:suse_linux:11:samba-client-32bit, p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit, p-cpe:/a:novell:suse_linux:11:samba-krb-printing, p-cpe:/a:novell:suse_linux:11:libsmbclient0, p-cpe:/a:novell:suse_linux:11:libldb1, p-cpe:/a:novell:suse_linux:11:libldb1-32bit, p-cpe:/a:novell:suse_linux:11:ldapsmb, p-cpe:/a:novell:suse_linux:11:libtevent0-32bit, p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit, p-cpe:/a:novell:suse_linux:11:samba-32bit, p-cpe:/a:novell:suse_linux:11:libtalloc2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2015

Reference Information

CVE: CVE-2015-0240

Detections

Analytics