Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

MDKSA-2004:071: samba

Check for the version of the samba package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2004:071 (samba).

A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribute value when using the ldapsam passdb backend, and to decode input given to the ntlm_auth tool.

This vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend, and those running winbindd and permitting third-party applications to issue authentication requests via the ntlm_auth tool should upgrade immediately. (CVE-2004-0600)

A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. This bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X. (CVE-2004-0686)

This update also fixes a bug where attempting to print in some cases would cause smbd to exit with a signal 11.

Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:071

Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security