Rapid7 Vulnerability & Exploit Database

RHSA-2003:095: New samba packages fix security vulnerabilities

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/31/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated Samba packages are now available to fix security vulnerabilities found during a code audit.

[Updated 24 March 2003] Updated Samba packages for Red Hat Linux 6.2, 7, and 7.1 are now included. These packages contain Samba version 2.0.10 with a backported security fix.

[Updated 1 April 2003] Updated Samba packages for Red Hat Linux 9 are now included. Please note that this issue only affects Red Hat Linux 9 boxed sets manufactured for distribution within the United States. The part numbers, which can be found on the bottom flap of the box, are RHF0120US and RHF0121US. Copies of Red Hat Linux 9 obtained through other means (such as from Red Hat Network, FTP, or international boxed sets) already contain the packages referenced by this erratum, and are not vulnerable to this issue.

Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. Sebastian Krahmer discovered a security vulnerability present in unpatched versions of Samba prior to 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Additionally, a race condition was discovered which could allow an attacker to overwrite critical system files. All users of Samba are advised to update to the packages listed in this erratum, which correct these vulnerabilities.

Solution(s)

  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-swat
