Rapid7 Vulnerability & Exploit Database

CESA-2003:138: samba security update

Back to Search

CESA-2003:138: samba security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
05/05/2003
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated Samba packages that fix a security vulnerability are now available.

Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. A security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Note that this is a different vulnerability than the one fixed by RHSA-2003:096. An exploit for this vulnerability is publicly available. All users of Samba are advised to update to the packages listed in this erratum, which contain a backported patch correcting this vulnerability.

Solution(s)

  • centos-upgrade-samba
  • centos-upgrade-samba-client
  • centos-upgrade-samba-common
  • centos-upgrade-samba-swat

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;