Ubuntu USN-839-1 (samba)

Summary
The remote host is missing an update to samba announced via advisory USN-839-1.
Solution
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: samba 3.0.22-1ubuntu3.9 smbfs 3.0.22-1ubuntu3.9 Ubuntu 8.04 LTS: samba 3.0.28a-1ubuntu4.9 smbfs 3.0.28a-1ubuntu4.9 Ubuntu 8.10: samba 2:3.2.3-1ubuntu3.6 smbclient 2:3.2.3-1ubuntu3.6 smbfs 2:3.2.3-1ubuntu3.6 Ubuntu 9.04: samba 2:3.3.2-1ubuntu3.2 smbfs 2:3.3.2-1ubuntu3.2 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-839-1
Insight
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. (CVE-2009-2813) Tim Prouty discovered that the smbd daemon in Samba incorrectly handled certain unexpected network replies. A remote attacker could send malicious replies to the server and cause smbd to use all available CPU, leading to a denial of service. (CVE-2009-2906) Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, would not verify user permissions before opening a credentials file. A local user could exploit this to use or read the contents of unauthorized credential files. (CVE-2009-2948) Reinhard Nißl discovered that the smbclient utility contained format string vulnerabilities in its file name handling. Because of security features in Ubuntu, exploitation of this vulnerability is limited. If a user or automated system were tricked into processing a specially crafted file name, smbclient could be made to crash, possibly leading to a denial of service. This only affected Ubuntu 8.10. (CVE-2009-1886) Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled permissions to modify access control lists when dos filemode is enabled. A remote attacker could exploit this to modify access control lists. This only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)