Rapid7 Vulnerability & Exploit Database

RHSA-2010:0698: samba3x security update

Back to Search

RHSA-2010:0698: samba3x security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/15/2010
Created
07/25/2018
Added
09/30/2010
Modified
07/04/2017

Description

Samba is a suite of programs used by machines to share files, printers, andother information.A missing array boundary checking flaw was found in the way Samba parsedthe binary representation of Windows security identifiers (SIDs). Amalicious client could send a specially-crafted SMB request to the Sambaserver, resulting in arbitrary code execution with the privileges of theSamba server (smbd). (CVE-2010-3069)Users of Samba are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, the smb service will be restarted automatically.

Solution(s)

  • redhat-upgrade-libtalloc
  • redhat-upgrade-libtalloc-devel
  • redhat-upgrade-libtdb
  • redhat-upgrade-libtdb-devel
  • redhat-upgrade-samba3x
  • redhat-upgrade-samba3x-client
  • redhat-upgrade-samba3x-common
  • redhat-upgrade-samba3x-doc
  • redhat-upgrade-samba3x-domainjoin-gui
  • redhat-upgrade-samba3x-swat
  • redhat-upgrade-samba3x-winbind
  • redhat-upgrade-samba3x-winbind-devel
  • redhat-upgrade-tdb-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;