Summary
The remote host is missing an update as announced
via advisory SSA:2008-149-01.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-149-01
Insight
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue:
'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations.'
This flaw affects Samba versions from 3.0.0 through 3.0.29.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
Severity
Classification
-
CVE CVE-2008-1105 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities