FrSIRT - Fedora Security Update Fixes Samba Local Password Disclosure Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Samba Local Password Disclosure Vulnerability

Title : Fedora Security Update Fixes Samba Local Password Disclosure Vulnerability
Advisory ID : FrSIRT/ADV-2006-1210
CVE ID : CVE-2006-1059
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-04-03

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to address a vulnerability identified in Samba [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

19bd90a82e345a4c57b4d01cf5c125bcc4f9f0c5 SRPMS/samba-3.0.22-1.fc5.src.rpm
01ed559efc215b1e756b5ab65cd62576827e5b8b ppc/samba-3.0.22-1.fc5.ppc.rpm
fdc54e6510a8894515844b202936ae6313a4edd9 ppc/samba-client-3.0.22-1.fc5.ppc.rpm
e77dd80c1c2ed0272ede71a29322b2b9fab5b452 ppc/samba-common-3.0.22-1.fc5.ppc.rpm
9d49af63cc1a7ead0a2b9cccbd27838c2cf49e81 ppc/samba-swat-3.0.22-1.fc5.ppc.rpm
64c76e2fc8fe6616ffc723d685b14cda6ee73869 ppc/debug/samba-debuginfo-3.0.22-1.fc5.ppc.rpm
5831a3f7c3cc9137565ff258c2c8c9b24fc4d66d x86_64/samba-3.0.22-1.fc5.x86_64.rpm
10aab5d90723d2eeb9aec3a0f50eee54b466fcac x86_64/samba-client-3.0.22-1.fc5.x86_64.rpm
7d9c818a313584c1b6dbc5b17a6da498e038ab5b x86_64/samba-common-3.0.22-1.fc5.x86_64.rpm
4b9a35ac73bfb71a76b4db3cfcee85690d116572 x86_64/samba-swat-3.0.22-1.fc5.x86_64.rpm
e02aee66d132a9bcbf42f9f240177886d2d57dfc x86_64/debug/samba-debuginfo-3.0.22-1.fc5.x86_64.rpm
1ff0438c6e3211beaf0e90310f24c218377b7cf8 i386/samba-3.0.22-1.fc5.i386.rpm
858532e3482110ae0618fd4ef511a124d59fdfdf i386/samba-client-3.0.22-1.fc5.i386.rpm
9eeadacd64eead302111988a6952f510b96c2f6b i386/samba-common-3.0.22-1.fc5.i386.rpm
a77fe2b7db8cbb70c65bc2895223869b6f0f152c i386/samba-swat-3.0.22-1.fc5.i386.rpm
6f0e635735830cb7f096900bc897d5a205d8f292 i386/debug/samba-debuginfo-3.0.22-1.fc5.i386.rpm

ChangeLog

2006-04-03 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Logical Domain Manager Local Privilege Escalation Vulnerability
	Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability
	Sun Java Messaging Server Cross Site Scripting Vulnerability
	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability
	Sun Java System Identity Manager Security Bypass Vulnerabilities
	Sun Solaris DHCP Buffer Overflow and Denial of Service
	Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)