Rapid7 Vulnerability & Exploit Database

RHSA-2010:0488: samba and samba3x security update

Back to Search

RHSA-2010:0488: samba and samba3x security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
06/17/2010
Created
07/25/2018
Added
06/29/2010
Modified
07/04/2017

Description

Samba is a suite of programs used by machines to share files, printers, andother information.An input sanitization flaw was found in the way Samba parsed client data. Amalicious client could send a specially-crafted SMB packet to the Sambaserver, resulting in arbitrary code execution with the privileges of theSamba server (smbd). (CVE-2010-2063)Red Hat would like to thank the Samba team for responsibly reporting thisissue. Upstream acknowledges Jun Mao as the original reporter.Users of Samba are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing thisupdate, the smb service will be restarted automatically.

Solution(s)

  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-libtalloc
  • redhat-upgrade-libtalloc-devel
  • redhat-upgrade-libtdb
  • redhat-upgrade-libtdb-devel
  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-swat
  • redhat-upgrade-samba3x
  • redhat-upgrade-samba3x-client
  • redhat-upgrade-samba3x-common
  • redhat-upgrade-samba3x-doc
  • redhat-upgrade-samba3x-domainjoin-gui
  • redhat-upgrade-samba3x-swat
  • redhat-upgrade-samba3x-winbind
  • redhat-upgrade-samba3x-winbind-devel
  • redhat-upgrade-tdb-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;