Executive Summary

Summary
Titlesamba security update
Informations
NameRHSA-2011:0305First vendor Publication2011-03-01
VendorRedHatLast vendor Modification2011-03-01
Severity (Vendor) ImportantRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" values, resulting in the Samba server (smbd) crashing. (CVE-2011-0719)

Red Hat would like to thank the Samba team for reporting this issue.

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

678328 - CVE-2011-0719 Samba unsafe fd_set usage

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0305.html

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21898
 
Oval ID: oval:org.mitre.oval:def:21898
Title: RHSA-2011:0305: samba security update (Important)
Description: Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Family: unix Class: patch
Reference(s): RHSA-2011:0305-01
CVE-2011-0719
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21518
 
Oval ID: oval:org.mitre.oval:def:21518
Title: RHSA-2011:0306: samba3x security update (Important)
Description: Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Family: unix Class: patch
Reference(s): RHSA-2011:0306-01
CESA-2011:0306
CVE-2011-0719
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba3x
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18907
 
Oval ID: oval:org.mitre.oval:def:18907
Title: CIFS Server (Samba), Remote Execution of Arbitrary Code, Denial of Service (DoS)
Description: Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0719
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13439
 
Oval ID: oval:org.mitre.oval:def:13439
Title: USN-1075-1 -- samba vulnerability
Description: Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service.
Family: unix Class: patch
Reference(s): USN-1075-1
CVE-2011-0719
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12900
 
Oval ID: oval:org.mitre.oval:def:12900
Title: DSA-2175-1 samba -- missing input sanitisation
Description: Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.
Family: unix Class: patch
Reference(s): DSA-2175-1
CVE-2011-0719
Version: 6
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23593
 
Oval ID: oval:org.mitre.oval:def:23593
Title: ELSA-2011:0305: samba security update (Important)
Description: Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Family: unix Class: patch
Reference(s): ELSA-2011:0305-01
CVE-2011-0719
Version: 6
Platform(s): Oracle Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23192
 
Oval ID: oval:org.mitre.oval:def:23192
Title: ELSA-2011:0306: samba3x security update (Important)
Description: Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Family: unix Class: patch
Reference(s): ELSA-2011:0306-01
CVE-2011-0719
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba3x
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27516
 
Oval ID: oval:org.mitre.oval:def:27516
Title: ELSA-2011-0306 -- samba3x security update (important)
Description: [3.5.4-0.70.1] - Security Release, fixes CVE-2011-0719 - resolves: #678332
Family: unix Class: patch
Reference(s): ELSA-2011-0306
CVE-2011-0719
Version: 2
Platform(s): Oracle Linux 5
Product(s): samba3x
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application128

OpenVAS Exploits

DateDescription
2012-08-10Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-07-30Name : CentOS Update for libsmbclient CESA-2011:0305 centos5 x86_64
File : nvt/gb_CESA-2011_0305_libsmbclient_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for samba3x CESA-2011:0306 centos5 x86_64
File : nvt/gb_CESA-2011_0306_samba3x_centos5_x86_64.nasl
2011-08-19Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl
2011-08-19Name : Fedora Update for samba FEDORA-2011-10367
File : nvt/gb_fedora_2011_10367_samba_fc14.nasl
2011-08-09Name : CentOS Update for libsmbclient CESA-2011:0305 centos5 i386
File : nvt/gb_CESA-2011_0305_libsmbclient_centos5_i386.nasl
2011-08-09Name : CentOS Update for samba3x CESA-2011:0306 centos5 i386
File : nvt/gb_CESA-2011_0306_samba3x_centos5_i386.nasl
2011-08-03Name : FreeBSD Ports: samba34
File : nvt/freebsd_samba34.nasl
2011-03-24Name : Fedora Update for samba FEDORA-2011-3118
File : nvt/gb_fedora_2011_3118_samba_fc14.nasl
2011-03-24Name : Fedora Update for samba FEDORA-2011-3120
File : nvt/gb_fedora_2011_3120_samba_fc13.nasl
2011-03-09Name : Debian Security Advisory DSA 2175-1 (samba)
File : nvt/deb_2175_1.nasl
2011-03-07Name : Mandriva Update for samba MDVSA-2011:038 (samba)
File : nvt/gb_mandriva_MDVSA_2011_038.nasl
2011-03-07Name : CentOS Update for samba CESA-2011:0305 centos4 i386
File : nvt/gb_CESA-2011_0305_samba_centos4_i386.nasl
2011-03-07Name : Ubuntu Update for samba vulnerability USN-1075-1
File : nvt/gb_ubuntu_USN_1075_1.nasl
2011-03-07Name : RedHat Update for samba RHSA-2011:0305-01
File : nvt/gb_RHSA-2011_0305-01_samba.nasl
2011-03-07Name : RedHat Update for samba3x RHSA-2011:0306-01
File : nvt/gb_RHSA-2011_0306-01_samba3x.nasl
2011-03-01Name : Samba 'FD_SET' Memory Corruption Vulnerability
File : nvt/gb_samba_46597.nasl
0000-00-00Name : Slackware Advisory SSA:2011-059-01 samba
File : nvt/esoft_slk_ssa_2011_059_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
71268Samba FD_SET Macro Memory Corruption

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_cifs-mount-110307.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0305.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0306.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_samba_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_samba_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-22.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-7396.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO
2011-06-22Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bfdbc7ec9c3f11e09bec6c626dd55a41.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_cifs-mount-110308.nasl - Type : ACT_GATHER_INFO
2011-04-29Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-7353.nasl - Type : ACT_GATHER_INFO
2011-04-29Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-110228.nasl - Type : ACT_GATHER_INFO
2011-04-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0306.nasl - Type : ACT_GATHER_INFO
2011-03-21Name : The remote Fedora host is missing a security update.
File : fedora_2011-3118.nasl - Type : ACT_GATHER_INFO
2011-03-21Name : The remote Fedora host is missing a security update.
File : fedora_2011-3120.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0305.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Samba server is affected by a memory corruption vulnerability.
File : samba_3_5_7.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0305.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0306.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2175.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-038.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1075-1.nasl - Type : ACT_GATHER_INFO
2011-03-01Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-059-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:24
  • Multiple Updates