Vulnerabilities > CVE-2007-0454 - USE of Externally-Controlled Format String vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
samba
debian
mandrakesoft
CWE-134
nessus

Summary

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1257.NASL
    descriptionSeveral remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0452 It was discovered that incorrect handling of deferred file open calls may lead to an infinite loop, which results in denial of service. - CVE-2007-0454
    last seen2020-06-01
    modified2020-06-02
    plugin id24296
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24296
    titleDebian DSA-1257-1 : samba - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1257. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24296);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-0452", "CVE-2007-0454");
      script_xref(name:"DSA", value:"1257");
    
      script_name(english:"Debian DSA-1257-1 : samba - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in samba, a free
    implementation of the SMB/CIFS protocol, which may lead to the
    execution of arbitrary code or denial of service. The Common
    Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2007-0452
        It was discovered that incorrect handling of deferred
        file open calls may lead to an infinite loop, which
        results in denial of service.
    
      - CVE-2007-0454
        'zybadawg333' discovered that the AFS ACL mapping VFS
        plugin performs insecure format string handling, which
        may lead to the execution of arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-0454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2007/dsa-1257"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the samba package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 3.0.14a-3sarge4.
    
    For the upcoming stable distribution (etch) these problems have been
    fixed in version 3.0.23d-5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libpam-smbpass", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"libsmbclient", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"libsmbclient-dev", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"python2.3-samba", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"samba", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"samba-common", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"samba-dbg", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"samba-doc", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"smbclient", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"smbfs", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"swat", reference:"3.0.14a-3sarge4")) flag++;
    if (deb_check(release:"3.1", prefix:"winbind", reference:"3.0.14a-3sarge4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200702-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200702-01 (Samba: Multiple vulnerabilities) A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Impact : A user with permission to write to a shared AFS file system may be able to compromise the smbd process and execute arbitrary code with the permissions of the daemon. The infinite loop could be abused to consume excessive resources on the smbd host, denying service to legitimate users. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id24350
    published2007-02-15
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24350
    titleGLSA-200702-01 : Samba: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200702-01.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24350);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_bugtraq_id(22395, 22403);
      script_xref(name:"GLSA", value:"200702-01");
    
      script_name(english:"GLSA-200702-01 : Samba: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200702-01
    (Samba: Multiple vulnerabilities)
    
        A format string vulnerability exists in the VFS module when handling
        AFS file systems and an infinite loop has been discovered when handling
        file rename operations.
      
    Impact :
    
        A user with permission to write to a shared AFS file system may be able
        to compromise the smbd process and execute arbitrary code with the
        permissions of the daemon. The infinite loop could be abused to consume
        excessive resources on the smbd host, denying service to legitimate
        users.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # http://samba.org/samba/security/CVE-2007-0452.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2007-0452.html"
      );
      # http://samba.org/samba/security/CVE-2007-0454.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2007-0454.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200702-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Samba users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.24'"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 3.0.24"), vulnerable:make_list("lt 3.0.24"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-419-1.NASL
    descriptionA flaw was discovered in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id28011
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28011
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : samba vulnerabilities (USN-419-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-419-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28011);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2007-0452", "CVE-2007-0454");
      script_xref(name:"USN", value:"419-1");
    
      script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : samba vulnerabilities (USN-419-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in Samba's file opening code, which in certain
    situations could lead to an endless loop, resulting in a denial of
    service. (CVE-2007-0452)
    
    A format string overflow was discovered in Samba's ACL handling on AFS
    shares. Remote users with access to an AFS share could create crafted
    filenames and execute arbitrary code with root privileges.
    (CVE-2007-0454).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/419-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpam-smbpass");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:smbfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.10", pkgname:"libpam-smbpass", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libsmbclient", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libsmbclient-dev", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"python2.4-samba", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"samba", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"samba-common", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"samba-dbg", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"samba-doc", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"smbclient", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"smbfs", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"swat", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"winbind", pkgver:"3.0.14a-6ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpam-smbpass", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libsmbclient-dev", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"python2.4-samba", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"samba", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"samba-common", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"samba-dbg", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"samba-doc", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"samba-doc-pdf", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"smbclient", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"smbfs", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"swat", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"winbind", pkgver:"3.0.22-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libpam-smbpass", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libsmbclient", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libsmbclient-dev", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"python2.4-samba", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"samba", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"samba-common", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"samba-dbg", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"samba-doc", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"samba-doc-pdf", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"smbclient", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"smbfs", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"swat", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"winbind", pkgver:"3.0.22-1ubuntu4.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpam-smbpass / libsmbclient / libsmbclient-dev / python2.4-samba / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_57AE52F7B9CC11DBBF0F0013720B182D.NASL
    descriptionThe Samba Team reports : NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the format string in a call to snprintf(). This bug becomes exploitable only when a user is able to write to a share which utilizes Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id24825
    published2007-03-16
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24825
    titleFreeBSD : samba -- format string bug in afsacl.so VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24825);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2007-0454");
    
      script_name(english:"FreeBSD : samba -- format string bug in afsacl.so VFS plugin (57ae52f7-b9cc-11db-bf0f-0013720b182d)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Samba Team reports :
    
    NOTE: This security advisory only impacts Samba servers that share AFS
    file systems to CIFS clients and which have been explicitly instructed
    in smb.conf to load the afsacl.so VFS module.
    
    The source defect results in the name of a file stored on disk being
    used as the format string in a call to snprintf(). This bug becomes
    exploitable only when a user is able to write to a share which
    utilizes Samba's afsacl.so library for setting Windows NT access
    control lists on files residing on an AFS file system."
      );
      # http://www.samba.org/samba/security/CVE-2007-0454.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2007-0454.html"
      );
      # https://vuxml.freebsd.org/freebsd/57ae52f7-b9cc-11db-bf0f-0013720b182d.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b4adde32"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"samba>=3.0.6,1<3.0.24,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"ja-samba>=3.0.6,1<3.0.24,1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idSAMBA_3_0_24.NASL
    descriptionAccording to its version number, the remote Samba server is affected by several flaws : - A denial of service issue occuring if an authenticated attacker sends a large number of CIFS session requests which will cause an infinite loop to occur in the smbd daemon, thus utilizing CPU resources and denying access to legitimate users ; - A remote format string vulnerability that could be exploited by an attacker with write access to a remote share by sending a malformed request to the remote service (this issue only affects installations sharing an AFS file system when the afsacl.so VFS module is loaded) - A remote buffer overflow vulnerability affecting the NSS lookup capability of the remote winbindd daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id24685
    published2007-02-22
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24685
    titleSamba < 3.0.24 Multiple Flaws
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(24685);
     script_version("1.17");
     script_cvs_date("Date: 2018/07/27 18:38:14");
    
     script_cve_id("CVE-2007-0452", "CVE-2007-0453", "CVE-2007-0454");
     script_bugtraq_id(22395, 22403, 22410);
    
     script_name(english:"Samba < 3.0.24 Multiple Flaws");
     script_summary(english:"Checks the version of Samba");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote Samba server is affected by several vulnerabilities that
    could lead to remote code execution");
     script_set_attribute(attribute:"description", value:
    "According to its version number, the remote Samba server is affected
    by several flaws :
    
      - A denial of service issue occuring if an authenticated
        attacker sends a large number of CIFS session requests
        which will cause an infinite loop to occur in the smbd
        daemon, thus utilizing CPU resources and denying access
        to legitimate users ;
    
      - A remote format string vulnerability that could be
        exploited by an attacker with write access to a remote
        share by sending a malformed request to the remote
        service (this issue only affects installations sharing
        an AFS file system when the afsacl.so VFS module is
        loaded)
    
      - A remote buffer overflow vulnerability affecting the NSS
        lookup capability of the remote winbindd daemon");
     script_set_attribute(attribute:"solution", value:"Upgrade to Samba 3.0.24 or newer");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/05");
     script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/22");
    
     script_set_attribute(attribute:"potential_vulnerability", value:"true");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
     script_family(english:"Misc.");
    
     script_dependencie("smb_nativelanman.nasl");
     script_require_keys("Settings/ParanoidReport", "SMB/NativeLanManager");
    
     exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    
    #
    # Many distributions backported the fixes so this check
    # is unreliable
    #
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    lanman = get_kb_item("SMB/NativeLanManager");
    if("Samba" >< lanman)
    {
     if(ereg(pattern:"Samba 3\.0\.([0-9]|1[0-9]|2[0-3])[^0-9]*$", string:lanman, icase:TRUE))
       security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-034.NASL
    descriptionA logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. (CVE-2007-0452) The name of a file on the server
    last seen2020-06-01
    modified2020-06-02
    plugin id24647
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24647
    titleMandrake Linux Security Advisory : samba (MDKSA-2007:034)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:034. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24647);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2007-0452", "CVE-2007-0454");
      script_bugtraq_id(22403);
      script_xref(name:"MDKSA", value:"2007:034");
    
      script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2007:034)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A logic error in the deferred open code for smbd may allow an
    authenticated user to exhaust resources such as memory and CPU on the
    server by opening multiple CIFS sessions, each of which will normally
    spawn a new smbd process, and sending each connection into an infinite
    loop. (CVE-2007-0452)
    
    The name of a file on the server's share is used as the format string
    when setting an NT security descriptor through the afsacl.so VFS
    plugin. (CVE-2007-0454)
    
    Updated packages have been patched to address these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount-cifs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-smbldap-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-icap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-devel-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mount-cifs-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"nss_wins-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-client-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-common-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-doc-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-mysql-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-pgsql-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-xml-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-server-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-smbldap-tools-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-swat-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-clamav-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-icap-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-winbind-3.0.20-3.2.20060mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64smbclient0-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsmbclient0-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsmbclient0-devel-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"mount-cifs-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"nss_wins-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-client-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-common-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-doc-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-server-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-smbldap-tools-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-swat-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-vscan-clamav-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-vscan-icap-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"samba-winbind-3.0.23d-2.1mdv2007.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-038-01.NASL
    descriptionNew samba packages are available for Slackware 10.0, 10.1, 10.2, and 11.0 to fix a denial-of-service security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24668
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24668
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 : samba (SSA:2007-038-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2007-038-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24668);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2007-0452", "CVE-2007-0453", "CVE-2007-0454");
      script_xref(name:"SSA", value:"2007-038-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 11.0 : samba (SSA:2007-038-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New samba packages are available for Slackware 10.0, 10.1, 10.2, and
    11.0 to fix a denial-of-service security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a94795e7"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected samba package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.0", pkgname:"samba", pkgver:"3.0.24", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"samba", pkgver:"3.0.24", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"samba", pkgver:"3.0.24", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"11.0", pkgname:"samba", pkgver:"3.0.24", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Seebug

bulletinFamilyexploit
descriptionSamba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。 Samba的VFS插件afsacl.so库在处理文件名时存在格式串漏洞,攻击者可能利用此漏洞诱使用户处理恶意的VFS分区控制服务器。 Samba在调用snprintf()时将磁盘上所储存的文件名用作了格式串,如果用户能够写入的共享使用Samba的afsacl.so库对AFS文件系统上的文件设置Windows NT访问控制列表的话,就可能通过文件名中的格式串标识符导致执行任意代码。 这个漏洞仅影响与CIFS共享了AFS文件系统并在smb.conf中明确要求加载afsacl.so VFS模块的Samba服务器。 Samba 3.0.6 - 3.0.23d 临时解决方法: * 在smb.conf中删除所有对afsacl.so VFS模块的引用。 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1257-1)以及相应补丁: DSA-1257-1:New samba packages fix several vulnerabilities 链接:<a href="http://www.debian.org/security/2007/dsa-1257" target="_blank">http://www.debian.org/security/2007/dsa-1257</a> 补丁下载: Source archives: <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.dsc" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.dsc</a> Size/MD5 checksum: 1081 e31451e53dc1183440dd1c01f1f4d8bd <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.diff.gz</a> Size/MD5 checksum: 115542 122eb7e1092f1664e0988a172dde49ba <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz</a> Size/MD5 checksum: 15605851 ebee37e66a8b5f6fd328967dc09088e8 Architecture independent components: <a href="http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge4_all.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge4_all.deb</a> Size/MD5 checksum: 12117006 428b452562de4a6d2795884c74174bba Alpha architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 401226 ed1513a6d5dd3a208cf9e84e824576a1 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 659264 5437692a3433b5da9d6f7cca0ae31310 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 1014026 c89075de31bd0c5b369c1f1991faeab4 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 5231866 0ce699ad269ed26e0996326d1a60fdc6 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 3126076 3e9ff19d65e609ae9e318f97ffb3af1a <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 2406170 cdd82ccac3caad5faf3870c02ffe64e3 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 20261304 137818bb48718533dd7d253ee8b8a4d2 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 3247978 ee1cb7cd162e40784214c435a1e63a89 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 458542 16e0d4c7545dcafaf3c0e1d80e36e00e <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 4222536 9921fbf27e8bb38c7d2e38b7f23ee3b4 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_alpha.deb</a> Size/MD5 checksum: 1822012 14bf0809e5c6405f54ba731c746b9c44 AMD64 architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 380778 0378f51516ff104a740f1a6644d0f9ea <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 599290 58a5cd47d9aec39479c7c62d30cf4932 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 795124 20560796c1a287ac736268caa8a0b0e0 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 5197736 c409c5d3c8b275a1536a32b24d664aa7 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 2806656 e305394ee72239cb6443a8a226a92ac5 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 2192500 a77b9ad2c6ab8ec9d22591790e8acf51 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 6480858 46b78f9ea914f53c4886d50b52fc7bd9 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 2865002 eb2a8a1c350b626f7b7bfb6649c404c8 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 410126 b477bb9f6b1dd09946f52aec4fee5ad1 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 4122044 563961794778dfbc28ebebaa35246e66 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_amd64.deb</a> Size/MD5 checksum: 1649816 f89fe53052cc2ac48a257ccb2bd730c0 ARM architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 340974 b70bba74799a2d21c5c09ea212aa2993 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 544332 eb0976cd484f2142ae83c1fd58691f26 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 822300 d4d4861f9d172ce7ce0f6aaff14ffb18 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 4644696 d0ea3ef433c97a575b83dec2dc78001a <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 2556438 636cf0924bffa5d81bfd905e845c2f08 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 2008618 ee6a0daeca1b4b9a167f64c8a784fb73 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 6654330 00b027d23e3c0c5c9320a82c96a4301b <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 2595574 cef0eed3fe5f611faf5561c004b9ec91 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 375492 5103b1b22eefb9b09cc2801cb97f8b2d <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 4063646 ac89ce6ec4a02db7b89cfd2c6551f53c <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_arm.deb</a> Size/MD5 checksum: 1482292 953bd5aa649fd1c23109649ca4e64173 HP Precision architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 403440 691603900e6cab414dccb516afeeebc1 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 643320 5329c5914085e9cec652629d270ca835 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 893964 b11f75762493ff460d37a808e2b2cf1c <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 5548728 d0a3f7231ea5d2b9fa257188d6b84d46 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 2862788 6a689a7ef4e19a15dee9b9cd9ac5fafe <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 2213182 d05600d0ce064b2d625d574f5c8d982a <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 6460708 60c9e3b18f95037a946f6007e284b1b6 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 2913120 1076d43282a731e0e2f99945d84700e2 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 416396 8e554e8ccd786e79a570b1bbac043080 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 4134054 97d30ae09c589a860f0ff9868089558e <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_hppa.deb</a> Size/MD5 checksum: 1689382 e4a5a4a936131f6b5ad0196653269f01 Intel IA-32 architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 347608 c1cff601820cae3af4f9ecb3decca718 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 550154 31131b0fa8f2d3dc62a2bc003927aec8 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 740546 3232f4931d7f1be55c609c5712f08b90 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 4752760 91d232207c14b3907370de4d3abae3c2 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 2522706 201d6bdc9954a6cbfe6e46244201ba3d <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 1988408 1ca854f5c54f2c2980ad54b2ec92025d <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 6640724 568c12f5f79179352f4457ac3dab1f7d <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 2535976 2c8b864145af6ef09e5357e19590cecb <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 371120 4874ebfc6749e3a20fa362f929a14d84 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 4053316 93a68f15d73d70d49531e3f038f0064a <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_i386.deb</a> Size/MD5 checksum: 1463906 39d8fd5aa5bfa5aab5aab7db8ce97b5d Intel IA-64 architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 472432 aac440872855901224e388ee45dac72e <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 753934 85c019e8227e2931fd729cb62ac50665 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 1034652 c74b21cd97c05b681aca5d08ec8f8aa0 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 6619408 9a2094c8e986950267bf9074aabb0ae1 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 3813628 506e543e9589590bbd18c348e8aa0180 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 2850440 7178b97aae577ed351785a28f48b3e70 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 674122 c2099d20755db4cabd86d2deab150a68 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 3920854 14185f467acf17968637c819bdf02210 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 547152 eef85bdc65848becc46428a862241d14 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 4361464 69df8256e4a6f32cc51e99b7e71cad39 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_ia64.deb</a> Size/MD5 checksum: 2210714 26a6d7bbcde9b6d94f37e53a93f43e17 Motorola 680x0 architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 329520 5c26f2c67be4fdf02ac4cc4a90dd7719 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 520354 7227fbce4ac60790736a4bf0e0363433 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 656118 b605c2a1594bc2548b797490347c5bb2 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 4545606 deb44f02dadf80fcd9ea9a1266014113 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 2220610 8dc5db63f11c8ae1f20b1337e77ee396 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 1780882 dd9d020034d4b9ceac0bb2587418a8c6 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 6327942 d057347dd45bf6493dadc4c406d328c2 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 2232724 ab8038a05eb36ea800d8e98ddf365825 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 334590 a79b1722ed2fab3f9eba7669460b91f6 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 3972970 6b373a2c3825957f6525d15a6ba05439 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_m68k.deb</a> Size/MD5 checksum: 1313454 d66388983a130ec1d9991b501763ea56 Big endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 356160 7484de7a8284ab6ddae47e724ae6a7ef <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 555498 08325cd44084335c733f9c0bde02ed29 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 820722 881f8071b36312ed45bb948a3c72ad71 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 4665362 86a8b6c3125e7e29f3ff7a3640963d90 <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 2775198 add7d625463c96ccb0f1b17e44d7bca6 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 2155060 fbc5686e4c623cf23c18258feaa88c4b <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 6759830 0b3a11a201ae83355b023d2ba22865f2 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 2821434 3c65aee1a03207c4da9e4d40e6b7e263 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 411852 324a48ccfcda0afccfb984e4d7d4400e <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 4104204 1e8841164dcf2ac6f3a3fa41765f04e4 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mips.deb</a> Size/MD5 checksum: 1603728 c41db51a3c9a8956f732433ea863ff06 Little endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 355038 05f0538f36a166df80edccd2e93271aa <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 553240 c0e4c6f349fd2c5823ce881929709927 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 812406 ce897754afd819ffdfa9708101432083 <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 4650708 d00c4533ce9ace8496487130b576c1ed <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 2776248 a2ab4b8f8791559c9bddec150768a3d1 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 2151968 5b191ff77d2efd41f3beac75cecd46d5 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 6573742 ad800c87bf87a70e393c1b52a9de187e <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 2816574 94a2650bd6cec6017328255a6df4dc99 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 410616 c00e6fdfb03f37a269e8151ce4572675 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 4102650 7e5582f238d7bbf7bf8e6eecad3b91ed <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mipsel.deb</a> Size/MD5 checksum: 1601364 f4d11e09cd8bff88d9e758f042d693e3 PowerPC architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 367782 c1166ddce4f4f2ba32b673365e468848 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 590926 9dedaaa1ac5ddb8522a173bec7323fc8 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 736584 b0e18455cdf3fffcf91b9d780432865f <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 5009404 8cddf499eb4827333943e2ed8434a81e <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 2771992 88f9ddbe66b31c8806d92bf6db32f118 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 2153756 b3b6fb9aaeaa21ddfd0cc218eef4f2c6 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 6855234 6c13b994999d952c0d314ddb82603cb7 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 2824232 34eba62b6c4d48bdc085365c2cf67024 <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 406282 1b59265f16d0f5e55d2752fc8c56438a <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 4112216 328a45403859379597177fe49211453a <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_powerpc.deb</a> Size/MD5 checksum: 1612316 9466fef0279933554d2e94a8a23428cb IBM S/390 architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 385558 9f020f95c1e598c42fabdb9f08216dec <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 603630 aa06ffa728ca348574e82abb70e6e644 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 796258 bcb70fc7b4bd9307d5ba53e635e2e29a <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 5282646 b1738dc01a023d62a08291db2b5e010e <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 2723342 77fa5179bba1cd7275291dd4906ac90a <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 2122412 316a93147dab42dcfeefe69b524993b7 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 6831846 21177adfb613f01d997a99b7cd9b524d <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 2773144 aff4d52d118fe59fcd1302c38bf91e8a <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 404192 62175fb579eabb6c2d37efa26b7be76e <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 4091974 64f9851fdd14be08220445d44121c185 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_s390.deb</a> Size/MD5 checksum: 1613030 b6ad9509a1af7621a0cf7b775b89f763 Sun Sparc architecture: <a href="http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 355466 e8aa06b90abceddce818839f6d2def17 <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 560884 f2f8ebfea16880ef9f1ddeab3e867c6a <a href="http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 795240 d5d428d728ce78ab9688febd670e1d1b <a href="http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 4861930 24d262774c8fde4d1287311b5492c0cb <a href="http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 2520686 f138f0b15a7c6c9317bdcf205eac4140 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 1977974 cff11e6d984d96b08323542033f65893 <a href="http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 6344260 45888fe47ec5a613a491f63707392ed6 <a href="http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 2539818 146dfe8c85cf825664393e40eef4a58d <a href="http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 371444 ec8c1179fe00fe47babce07744a6a296 <a href="http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 4049508 e2c949808a6634702dd8ff7bbaf727c2 <a href="http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_sparc.deb</a> Size/MD5 checksum: 1476048 fb4619e500d82ab10a5e8e24cc44cefb 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Samba ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch" target="_blank">http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch</a>
idSSV:1370
last seen2017-11-19
modified2007-02-07
published2007-02-07
reporterRoot
titleSamba服务器VFS插件afsacl.so远程格式串处理漏洞

Statements

contributorMark J Cox
lastmodified2007-05-14
organizationRed Hat
statementNot vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.