Summary
The remote host is missing an update to samba announced via advisory DSA 2004-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202004-1
Insight
Two local vulnerabilities have been discovered in samba, an SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-3297
Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points.
CVE-2010-0547
Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.
For the stable distribution (lenny), these problems have been fixed in version 2:3.2.5-4lenny9.
For the unstable distribution (sid), these problems have been fixed in version 2:3.4.5~dfsg-2.
We recommend that you upgrade your samba packages.
Severity
Classification
CVE: CVE-2009-3297, CVE-2010-0547
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P