Family: Misc. --> Category: infos
Samba < 3.0.24 Multiple Flaws Vulnerability Scan
Vulnerability Scan Summary : Checks the version of Samba
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Samba server is affected by multiple vulnerabilities which
might lead to remote code execution
Description :
According to its version number, the remote Samba server is affected
by several flaws :
- A denial of service issue occurring if an authenticated attacker sends
a large number of CIFS session requests, which causes an infinite loop
in the smbd daemon, consuming CPU resources and denying access
to legitimate users
- A remote format string vulnerability which may be exploited by an attacker
with write access to a remote share by sending a malformed request to
the remote service (this issue only affects installations sharing an
AFS file system when the afsacl.so VFS module is loaded)
- A remote buffer overflow vulnerability affecting the NSS lookup capability
of the remote winbindd daemon
Solution :
Upgrade to Samba 3.0.24 or newer
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)