Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2004:045: samba Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the samba package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2004:045 (samba).
The Samba developers informed us about several potential integer overflow
issues in the Samba 2 and Samba 3 code.
This update adds constraints to the Samba server code which protects it
from using values from untrusted sources as operands in arithmetic
operations to acertain heap memory space needed to copy data.
Without these limitations a remote attacker may be able to overflow the
heap memory of the process and to overwrite vital information structures
which can be abused to execute arbitrary code.
Solution : http://www.suse.de/security/advisories/2004_45_samba.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.