Description:
Certain versions of Samba do not correctly filter pathname requests from clients. As a result, a specially-crafted request can be made to access potentially sensitive objects outside of the designated share directory.
References:
- BID: http://www.securityfocus.com/bid/11281
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0815
- DEBIAN: http://www.debian.org/security/DSA-/DSA-600-1
- MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2004:104
- OSVDB: http://www.osvdb.org/displayvuln.php?osvdb_id=10464
- REDHAT: http://rhn.redhat.com/errata/RHSA-2004-498.html
- SUN: http://sunsolve.sun.com/search/document.do?assetkey=1-22-101584-1
- SUN: http://sunsolve.sun.com/search/document.do?assetkey=1-22-57664-1
- SUSE: http://www.novell.com/linux/security/advisories.html
- URL: http://distro.conectiva.com.br/atualizacoes/?id=a
- URL: http://marc.theaimsgroup.com/?l=bugtraq
- URL: http://us4.samba.org/samba/news/#security_2.2.12
- URL: http://www.idefense.com/application/poi/display?id=146
- URL: http://www.securityfocus.com/archive/1/377618
- URL: http://www.trustix.org/errata/2004/0051/
- URL: https://bugzilla.fedora.us/show_bug.cgi?id=2102
- XF: http://xforce.iss.net/xforce/xfdb/17556
Solution:
- Upgrade to Samba v2.2.12
Download and apply the upgrade from: http://hostopia.samba.org/samba/ftp/stable/samba-2.2.12.tar.gz
- Upgrade to Samba 3.0.7
Download and apply the upgrade from: http://us4.samba.org/samba/ftp/stable/samba-3.0.7.tar.gz
Information on these pages is summary information extracted from the NeXpose Vulnerability Assessment system. Full details are provided within the NeXpose product for licensed users.