Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2010:0697
HistorySep 15, 2010 - 1:23 p.m.

libsmbclient, samba security update

2010-09-1513:23:12
CentOS Project
lists.centos.org
55

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.915

Percentile

98.9%

JSON

CentOS Errata and Security Advisory CESA-2010:0697

Samba is a suite of programs used by machines to share files, printers, and
other information.

A missing array boundary checking flaw was found in the way Samba parsed
the binary representation of Windows security identifiers (SIDs). A
malicious client could send a specially-crafted SMB request to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd). (CVE-2010-3069)

For Red Hat Enterprise Linux 4, this update also fixes the following bug:

  • Previously, the restorecon utility was required during the installation
    of the samba-common package. As a result, attempting to update samba
    without this utility installed may have failed with the following error:

/var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found

With this update, the utility is only used when it is already present on
the system, and the package is now always updated as expected. (BZ#629602)

Users of Samba are advised to upgrade to these updated packages, which
correct these issues. After installing this update, the smb service will be
restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-September/079158.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079159.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079160.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079161.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079168.html
https://lists.centos.org/pipermail/centos-announce/2010-September/079169.html

Affected packages:
libsmbclient
libsmbclient-devel
samba
samba-client
samba-common
samba-swat

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0697

Related

nessus 33
openvas 39
oraclelinux 4
fedora 4
debian 4
redhat 3
veracode 1
securityvulns 6
nvd 1
debiancve 1
ubuntucve 1
centos 1
samba 1
checkpoint_advisories 1
altlinux 2
osv 2
cve 1
prion 1
slackware 1
cvelist 1
ubuntu 1
vmware 2
suse 1
gentoo 1
nessus
nessus
SuSE9 Security Update : Samba (YOU Patch Number 12644)
2010-10-06 00:00:00
Oracle Linux 6 : samba (ELSA-2010-0860)
2013-07-12 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : samba (SSA:2010-257-01)
2010-09-15 00:00:00
openvas
openvas
Mandriva Update for samba MDVSA-2010:184 (samba)
2010-09-22 00:00:00
CentOS Update for libsmbclient CESA-2010:0697 centos5 i386
2011-08-09 00:00:00
Oracle: Security Advisory (ELSA-2010-0697)
2015-10-06 00:00:00
oraclelinux
oraclelinux
samba security update
2011-02-10 00:00:00
samba security and bug fix update
2010-09-14 00:00:00
samba3x security update
2010-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: samba-3.5.5-68.fc14
2010-09-15 07:09:26
[SECURITY] Fedora 13 Update: samba-3.5.5-68.fc13
2010-09-15 05:22:12
[SECURITY] Fedora 13 Update: samba-3.5.8-74.fc13
2011-03-19 10:27:41
debian
debian
BSA-003 Security Update for samba
2010-09-30 05:47:13
[SECURITY] [DSA-2109-1] New samba packages fix buffer overflow
2010-09-16 16:56:00
BSA-003 Security Update for samba
2010-09-30 09:38:45
redhat
redhat
(RHSA-2010:0860) Critical: samba security update
2010-11-10 00:00:00
(RHSA-2010:0698) Critical: samba3x security update
2010-09-14 00:00:00
(RHSA-2010:0697) Critical: samba security and bug fix update
2010-09-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:47:54
securityvulns
securityvulns
[USN-987-1] Samba vulnerability
2010-09-16 00:00:00
SAMBA buffer overflow
2010-09-16 00:00:00
Apple Mac OS X multiple security vulnerabilities
2011-07-06 00:00:00
nvd
nvd
CVE-2010-3069
2010-09-15 18:00:44
debiancve
debiancve
CVE-2010-3069
2010-09-15 18:00:44
ubuntucve
ubuntucve
CVE-2010-3069
2010-09-14 00:00:00
centos
centos
libtalloc, libtdb, samba3x, tdb security update
2010-09-15 22:42:24
samba
samba
Buffer Overrun Vulnerability
2010-09-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Samba SID Parsing Stack Buffer Overflow (CVE-2010-3069)
2010-11-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package samba version 3.5.5-alt1
2010-09-14 00:00:00
Security fix for the ALT Linux 5 package samba version 3.0.37-alt3.M50P.1
2010-09-13 00:00:00
osv
osv
samba - buffer overflow
2010-09-16 00:00:00
ctdb-4.5.0-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2010-3069
2010-09-15 18:00:44
prion
prion
Stack overflow
2010-09-15 18:00:00
slackware
slackware
[slackware-security] samba
2010-09-15 03:39:16
cvelist
cvelist
CVE-2010-3069
2010-09-15 17:26:00
ubuntu
ubuntu
Samba vulnerability
2010-09-14 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
suse
suse
Security update for Samba (critical)
2012-03-09 17:08:16
gentoo
gentoo
Samba: Multiple vulnerabilities
2012-06-24 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.915

Percentile

98.9%

JSON
Related for CESA-2010:0697
nessus33openvas39oraclelinux4fedora4debian4redhat3veracode1securityvulns6nvd1debiancve1ubuntucve1centos1samba1checkpoint_advisories1altlinux2osv2cve1prion1slackware1cvelist1ubuntu1vmware2suse1gentoo1