Executive Summary
| Summary | |
|---|---|
| Title | samba security update |
| Information | | | |
|---|---|---|---|
| Name | DSA-2450 | First vendor Publication | 2012-04-12 |
| Vendor | Debian | Last vendor Modification | 2012-04-12 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | | | |
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Exploit Score | 10 | Authentication | None Required |
Detail
It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

For the stable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze7.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2:3.6.4-1.

We recommend that you upgrade your samba packages.
Original Source
| Url : http://www.debian.org/security/2012/dsa-2450 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-189 | Numeric Errors |
CPE : Common Platform Enumeration
Metasploit Database
| id | Description |
|---|---|
| 2012-04-10 | Samba SetInformationPolicy AuditEventsInfo Heap Overflow |

DSA-2450 (Critical)