Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-13] Samba: Integer overflow Vulnerability Scan
Vulnerability Scan Summary: Samba: Integer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-13
(Samba: Integer overflow)
Samba contains a bug when unmarshalling specific MS-RPC requests from
clients.
Impact
A remote attacker may be able to execute arbitrary code with the
permissions of the user running Samba, which could be the root user.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154
http://www.samba.org/samba/security/CAN-2004-1154.html
Solution:
All Samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.9-r1"
Threat Level: High