{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Samba 3.0.9 et versions ant\u00e9rieures.</p>","content":"## Description\n\nSamba est un logiciel libre utilis\u00e9 pour la mise en \u0153uvre des partages\nr\u00e9seau \u00e0 l'aide des protocoles SMB et CIFS sous Unix.\n\n  \n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire est pr\u00e9sente dans le\nprocessus smbd lors du traitement des param\u00e8tres de s\u00e9curit\u00e9 associ\u00e9s \u00e0\nun fichier. Un utilisateur distant, pr\u00e9alablement authentifi\u00e9, peut\nutiliser cette vuln\u00e9rabilit\u00e9 pour ex\u00e9cuter du code arbitraire \u00e0 distance\navec les privil\u00e8ges du super-utilisateur root sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nLa version 3.0.10 de Samba corrige cette vuln\u00e9rabilit\u00e9.\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 HP HPSBUX01115 du 02 f\u00e9vrier 2005 :","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01115"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200412-13 du 17 d\u00e9cembre    2004 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004-681 du 21 d\u00e9cembre    2004 :","url":"http://rhn.redhat.com/errata/RHSA-2004-681.html"},{"title":"Bulletin de s\u00e9curit\u00e9 de samba :","url":"http://us1.samba.org/samba/security/CAN-2004-1154.html"},{"title":"Bulletin de s\u00e9curit\u00e9 FreeBSD du 21 d\u00e9cembre 2004 :","url":"http://www.vuxml.org/freebsd/"},{"title":"Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2004:045 du 22 d\u00e9cembre    2004 ;","url":"http://www.novell.com/linux/security/advisories/2004_45_samba.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004-670 du 16 d\u00e9cembre    2004 :","url":"http://rhn.redhat.com/errata/RHSA-2004-670.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Sun #57730 du 03 f\u00e9vrier 2005 :","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:158 du 27 d\u00e9cembre    2004 :","url":"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:158"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2005-020 du 05 janvier    2005 :","url":"http://rhn.redhat.com/errata/RHSA-2005-020.html"}],"reference":"CERTA-2004-AVI-402","revisions":[{"description":"version initiale.","revision_date":"2004-12-17T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence aux bulletins de s\u00e9curit\u00e9 de Red Hat et Gentoo.","revision_date":"2004-12-20T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 de FreeBSD.","revision_date":"2004-12-21T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2004-681.","revision_date":"2004-12-22T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2004:045.","revision_date":"2004-12-23T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:158.","revision_date":"2005-01-03T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2005-020.","revision_date":"2005-01-06T00:00:00.000000"},{"description":"ajout r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 HP HPSBUX01115 et Sun #57730.","revision_date":"2005-02-04T00:00:00.000000"}],"risks":[{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 de Samba","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 d'iDEFENSE","url":"http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de Samba","url":null}]}