Vulnerability Bulletins

int(1149)

Vulnerability Bulletins

Vulnerabilidad de desbordamiento de búfer en Samba
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Avanzado
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Samba 3.0.x <= 3.0.7
Description
Se ha encontrado un problema en el manejo de las cadenas Unicode dentro del procesado de archivos de Samba lo cual podría causar un desbordamiento de búfer que permitiría a un atacante remoto insertar código arbitrario en el proceso smbd.
Solution
Actualización de software SUSE x86: SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/samba-3.0.7-5.2.i586.rpm patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/samba-3.0.7-5.2.i586.patch.rpm source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/samba-3.0.7-5.2.src.rpm SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-3.0.4-1.34.3.i586.rpm patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/samba-3.0.4-1.34.3.i586.patch.rpm source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/samba-3.0.4-1.34.3.src.rpm x86-64: SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/samba-3.0.7-5.2.x86_64.rpm patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/samba-3.0.7-5.2.x86_64.patch.rpm source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/samba-3.0.7-5.2.src.rpm SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-3.0.4-1.34.3.x86_64.rpm patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/samba-3.0.4-1.34.3.x86_64.patch.rpm source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/samba-3.0.4-1.34.3.src.rpm
Standar resources
Property	Value
CVE	CAN-2004-0882
BID
Other resources
SUSE Security Announcement (SUSE-SA:2004:040) http://www.suse.de/de/security/2004_40_samba.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-11-15

Vulnerability Bulletins

Vulnerabilidad de desbordamiento de búfer en Samba

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history