oval:org.mitre.oval:def:25141
| Definition Id: oval:org.mitre.oval:def:25141 | |||
| Oval ID: | oval:org.mitre.oval:def:25141 | ||
| Title: | RHSA-2014:0867: samba security update (Moderate) | ||
| Description: | Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2014-0244) A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. (CVE-2014-0178) It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. (CVE-2014-3493) Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178 and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the original reporter of CVE-2014-0178, and Simon Arlott as the original reporter of CVE-2014-3493. All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0867-00 CESA-2014:0867 CVE-2014-0178 CVE-2014-0244 CVE-2014-3493 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | samba |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24953 | |||
| Oval ID: | oval:org.mitre.oval:def:24953 | ||
| Title: | The operating system installed on the system is Red Hat Enterprise Linux 7 | ||
| Description: | The operating system installed on the system is Red Hat Enterprise Linux 7. | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:redhat:enterprise_linux:7 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 7 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:25141 | |||
| Definition Id: oval:org.mitre.oval:def:24773 | |||
| Oval ID: | oval:org.mitre.oval:def:24773 | ||
| Title: | The operating system installed on the system is CentOS Linux 7.x | ||
| Description: | The operating system installed on the system is CentOS Linux 7.x | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:centos:centos:7 | Version: | 3 |
| Platform(s): | CentOS Linux 7 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:25141 | |||
