Family: Debian Local Security Checks --> Category: infos
[DSA200] DSA-200-1 samba Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Steve Langasek found an exploitable bug in the password handling
code in samba: when converting from DOS code-page to little endian
UCS2 unicode a buffer length was not checked and a buffer could
be overflowed. There is no known exploit for this, but an upgrade
is strongly recommended.
This problem has been fixed in version 2.2.3a-12 of the Debian
samba packages and upstream version 2.2.7.
Solution : http://www.debian.org/security/2002/dsa-200
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.