Rapid7 Vulnerability & Exploit Database

SuSE 9.1 security update for samba

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/01/2004
Created: 07/25/2018
Added: 11/01/2004
Modified: 11/18/2015

Description

The system is missing one or more SuSE security patches. This version fixes several bugs in the Samba suite, including two Denial of Service (DoS) vulnerabilities. Microsoft Windows XP clients with Service Pack 2 installed crash the Samba (smbd) process while printing. Using macros in the smb.conf 'log file' statement might lead to an infinite recursion. Incorrect counter and pointer handling in samba-vscan sometimes leads to a crashed Samba (smbd) process.

A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes, each one entering an infinite loop. After sending a sufficient number of packets, it is possible to exhaust the memory resources on the server. This issue is known as CAN-2004-0807. A DoS bug in nmbd may allow an attacker to remotely crash the nmbd daemon. This issue is known as CAN-2004-0808.

Solution(s)
