Debian Security Advisory DSA 200-1 (samba) Network Vulnerability

Summary

The remote host is missing an update to samba announced via advisory DSA 200-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20200-1

Insight

Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known exploit for this, but an upgrade is strongly recommended. This problem has been fixed in version 2.2.3a-12 of the Debian samba packages and upstream version 2.2.7.

Severity

Classification

CVE CVE-2002-1318

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1019-1 (koffice)
Debian Security Advisory DSA 059-1 (man-db)
Debian Security Advisory DSA 089-1 (icecast-server)
Debian Security Advisory DSA 013-1 (mysql)
Debian Security Advisory DSA 1026-1 (sash)

Take action and discover your vulnerabilities