Lucene search
Slackware: Security Advisory (SSA:2008-149-01)
ποΈΒ 10 Sep 2012Β 00:00:00Reported byΒ Copyright (C) 2012 Greenbone AGTypeΒ 
Β openvasπΒ plugins.openvas.orgπΒ 12Β Views
The remote host is missing an update for the 'samba' package(s) announced via the SSA:2008-149-01 advisory. New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue involving a heap overflow
Show more
| Reporter | Title | Published | Views | Family All 124 |
|---|---|---|---|---|
 | Scientific Linux Security Update : samba on SL5.x i386/x86_64 | 1 Aug 201200:00 | β | nessus |
| RHEL 4 : samba (RHSA-2008:0288) | 29 May 200800:00 | β | nessus |
| Fedora 9 : samba-3.2.0-1.rc1.14.fc9 (2008-4724) | 2 Jun 200800:00 | β | nessus |
| openSUSE 10 Security Update : cifs-mount (cifs-mount-5294) | 5 Jun 200800:00 | β | nessus |
| GLSA-200805-23 : Samba: Heap-based buffer overflow | 2 Jun 200800:00 | β | nessus |
| SuSE 10 Security Update : Samba (ZYPP Patch Number 5292) | 5 Jun 200800:00 | β | nessus |
| Mandriva Linux Security Advisory : samba (MDVSA-2008:108) | 23 Apr 200900:00 | β | nessus |
| RHEL 4 : samba (RHSA-2008:0289) | 24 Jan 201300:00 | β | nessus |
| SuSE9 Security Update : Samba (YOU Patch Number 12165) | 24 Sep 200900:00 | β | nessus |
| Debian DSA-1590-1 : samba - buffer overflow | 2 Jun 200800:00 | β | nessus |
10
| Source | Link |
|---|---|
| slackware | www.slackware.com/security/viewer.php |
| www.2008-149-01 |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.61458");
script_cve_id("CVE-2008-1105");
script_tag(name:"creation_date", value:"2012-09-10 23:34:21 +0000 (Mon, 10 Sep 2012)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Slackware: Security Advisory (SSA:2008-149-01)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Slackware Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(10\.0|10\.1|10\.2|11\.0|12\.0|12\.1|current)");
script_xref(name:"Advisory-ID", value:"SSA:2008-149-01");
script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951");
script_tag(name:"summary", value:"The remote host is missing an update for the 'samba' package(s) announced via the SSA:2008-149-01 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,
12.1, and -current to fix a security issue:
'Specifically crafted SMB responses can result in a heap overflow in the
Samba client code. Because the server process, smbd, can itself act as
a client during operations such as printer notification and domain
authentication, this issue affects both Samba client and server
installations.'
This flaw affects Samba versions from 3.0.0 through 3.0.29.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/samba-3.0.30-i486-1_slack12.1.tgz:
Upgraded to samba-3.0.30.
This is a security release in order to address CVE-2008-1105 ('Boundary
failure when parsing SMB responses can result in a buffer overrun').
For more information on the security issue, see:
[link moved to references]
(* Security fix *)
+--------------------------+");
script_tag(name:"affected", value:"'samba' package(s) on Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware current.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-slack.inc");
release = slk_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLK10.0") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack10.0", rls:"SLK10.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK10.1") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack10.1", rls:"SLK10.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK10.2") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack10.2", rls:"SLK10.2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK11.0") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack11.0", rls:"SLK11.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK12.0") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack12.0", rls:"SLK12.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLK12.1") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1_slack12.1", rls:"SLK12.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLKcurrent") {
if(!isnull(res = isslkpkgvuln(pkg:"samba", ver:"3.0.30-i486-1", rls:"SLKcurrent"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo10 Sep 2012 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS27.5
EPSS0.96005