Three security vulnerabilities have been identified in the Samba software package. They allow an attacker to carry out various kinds of attacks and to gain access to sensitive data.
Package: HP NonStop Server 6.x, Samba 3.x
Operating systems: HP-UX 10.x, HP-UX 11.x
Criticality: 7.8
Problem: CSRF, insufficient input validation, error in a program component, XSS
Exploitation: remote
Consequence: disclosure of sensitive information, execution of arbitrary commands, injection of HTML and script code, denial of service (DoS)
Solution: vendor software patch
CVE: CVE-2011-2522, CVE-2011-2694, CVE-2011-2411
Original advisory ID: HPSBNS02701
Source: Hewlett Packard
Problem:
Because data submitted by users is not validated adequately, the Samba Web Administration Tool (SWAT) is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

Consequence:
An attacker can carry out Cross-Site Scripting (XSS) and Denial of Service (DoS) attacks, start and stop background processes, steal session and user-account data, and access files.

Solution:
Installing the update is recommended; the vulnerabilities are fixed in version 3.5.10.

Original advisory text
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03008543
Version: 1
HPSBNS02701 SSRT100598 rev.1 - HP NonStop Servers running Samba, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification, Unauthorized Access to Files, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-19
Last Updated: 2011-09-19
Potential Security Impact: Remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification, unauthorized access to files, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with the HP NonStop Servers running Samba. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification, unauthorized access to files, and cross site scripting (XSS).
References: CVE-2011-2522, CVE-2011-2694, CVE-2011-2411
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
H06.15.00, H06.15.01, H06.15.02, H06.16.00, H06.16.01, H06.16.02,
H06.17.00, H06.17.01, H06.17.02, H06.17.03, H06.18.00, H06.18.01,
H06.18.02, H06.19.00, H06.19.01, H06.19.02, H06.19.03, H06.20.00, H06.20.01, H06.20.02, H06.20.03,
H06.21.00, H06.21.01, H06.21.02, H06.22.00, H06.22.01, H06.23.00,
J06.04.00, J06.04.01, J06.04.02, J06.05.00, J06.05.01, J06.05.02,
J06.06.00, J06.06.01, J06.06.02, J06.06.03, J06.07.00, J06.07.01, J06.07.02, J06.08.00, J06.08.01, J06.08.02,
J06.08.03, J06.09.00, J06.09.01, J06.09.02, J06.09.03, J06.10.00, J06.10.01, J06.10.02,
J06.11.00, J06.11.01, J06.12.00.
BACKGROUND
For a PGP signed version of this security bulletin please write to: [e-mail address removed by the source page's spam protection]
CVSS 2.0 Base Metrics
Reference       Base Vector                    Base Score
CVE-2011-2522   (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2011-2694   (AV:N/AC:H/Au:N/C:N/I:P/A:N)   2.6
CVE-2011-2411   (AV:N/AC:L/Au:S/C:C/I:C/A:C)   9.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made the following software updates available to resolve the vulnerability.
Please install NS-SAMBA SPR T1201H01^AAC for the following RVUs:
Note: SPR T1201H01^AAB is available to resolve CVE-2011-2411 but has been superseded by SPR T1201H01^AAC to resolve CVE-2011-2411, CVE-2011-2522 and CVE-2011-2694.
NS-SAMBA SPR T1201H01^AAC
(CVE-2011-2522, CVE-2011-2694, CVE-2011-2411)
This SPR is usable with these RVUs:
H06.15.00, H06.15.01, H06.15.02, H06.16.00, H06.16.01, H06.16.02, H06.17.00, H06.17.01, H06.17.02, H06.17.03, H06.18.00, H06.18.01, H06.18.02, H06.19.00, H06.19.01, H06.19.02, H06.19.03, H06.20.00, H06.20.01, H06.20.02, H06.20.03, H06.21.00, H06.21.01, H06.21.02, H06.22.00, H06.22.01, H06.23.00
J06.04.00, J06.04.01, J06.04.02, J06.05.00, J06.05.01, J06.05.02, J06.06.00, J06.06.01, J06.06.02, J06.06.03, J06.07.00, J06.07.01, J06.07.02, J06.08.00, J06.08.01, J06.08.02, J06.08.03, J06.09.00, J06.09.01, J06.09.02, J06.09.03, J06.10.00, J06.10.01, J06.10.02, J06.11.00, J06.11.01, J06.12.00
This SPR is already present in these RVUs:
None
Requisite SPRs:
Please read the softdoc of NS-SAMBA SPR T1201H01^AAC for details
Superseded SPRs:
T1201H01^AAA and T1201H01^AAB
RVU containing final fix:
None
Installation impact:
Minimal system impact
HISTORY
Version:1 (rev.1) - 19 September 2011 Initial release