eEye Digital Security

My Retina scanner will not clear out my HIGH risk Samba Multiple Buffer Overflow Vulnerability issue because we use Red Hat linux and my guys are telling me they have they're own patch and samba like tool.  So even though it is no longer a vulnerability,  It will not show the updated Samba version in Red Hat.  All are Red Hat 4 AS or ES.  Any help is appreciated.  Thank you.

     To my knowledge, with the simplified version of Retina that is provided in Blink, there is not any way of ignoring a scan result so you will not see it again.  It will probably not go away unless your using the actual patch for that vulnerability that the vendor issued.  If your using a custom patch that you are being told is protecting you, then you will probably have to ignore the scan result.

 

I just found this out recently.  If you wish to exclude something that you know is fixed (as in your case with a special patch of your own) then this may help you.

http://forums.eeye.com/forums/t/459.aspx 

Redhat and other linux distros tend to merge updates into their existing source trees (Hence the patched version numbers that tend to trail a package).  This may cause the original version to remain the same since the actual update from Redhat/other is not a direct build of the original source code from SAMBA.    Try upgrading SAMBA to the recommended version or newer with a package (provided by Redhat) specifically made for SAMBA version X.x.x