Lucene search

K
debianDebianDEBIAN:DLA-156-1:7AF41
HistoryFeb 23, 2015 - 5:00 p.m.

[SECURITY] [DLA 156-1] samba security update

2015-02-2317:00:36
lists.debian.org
20

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

Package : samba
Version : 2:3.5.6~dfsg-3squeeze12
CVE ID : CVE-2015-0240
Debian Bug : 779033

Richard van Eeden of Microsoft Vulnerability Research discovered that
Samba, a SMB/CIFS file, print, and login server for Unix, contains a
flaw in the netlogon server code which allows remote code execution with
root privileges from an unauthenticated connection.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:3.5.6~dfsg-3squeeze12.

For the stable distribution (wheezy), this problem has been fixed in
version 2:3.6.6-6+deb7u5.

We recommend that you upgrade your samba packages.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%