Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:035: samba Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the samba package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:035 (samba).
A vulnerability was discovered in samba where a local user could use the smbmnt
utility, which is shipped suid root, to mount a file share from a remote server
which would contain a setuid program under the control of the user. By executing
this setuid program, the local user could elevate their rights on the local
The updated packages are patched to prevent this problem. The version of samba
shipped with Mandrakelinux 10.0 does not have this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:035
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.