Slackware Advisory SSA:2008-149-01 Samba Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2008-149-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-149-01

Insight

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue: 'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.' This flaw affects Samba versions from 3.0.0 through 3.0.29. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105

Severity

Classification

CVE CVE-2008-1105
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2003-260-01 OpenSSH updated again
Slackware Advisory SSA:2005-251-02 mod_ssl
Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
Slackware Advisory SSA:2005-251-01 kcheckpass in kdebase
Slackware Advisory SSA:2005-242-03 gaim

Slackware Advisory SSA:2008-149-01 samba

Take action and discover your vulnerabilities