Summary
The remote host is missing an update to samba
announced via advisory MDVSA-2009:196.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:196
Insight
Multiple vulnerabilities has been found and corrected in samba:
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename (CVE-2009-1886).
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory (CVE-2009-1888).
This update provides samba 3.2.13 to address these issues.
Affected: 2009.0, Enterprise Server 5.0
Severity
Classification
-
CVE CVE-2009-1886, CVE-2009-1888 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities