Solution
Please Install the Updated Packages.
Insight
Samba is a suite of programs used by machines to share files, printers, and other information.
A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially-crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069)
For Red Hat Enterprise Linux 4, this update also fixes the following bug:
* Previously, the restorecon utility was required during the installation of the samba-common package. As a result, attempting to update samba without this utility installed may have failed with the following error:
/var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found
With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602)
Users of Samba are advised to upgrade to these updated packages, which correct these issues. After installing this update, the smb service will be restarted automatically.
Affected
samba on CentOS 3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-3069 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities