Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Misc. >> Samba < 3.0.24 Multiple Flaws


Vulnerability Assessment Details

Samba < 3.0.24 Multiple Flaws

Vulnerability Assessment Summary
Checks the version of Samba

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Samba server is vulnerable to multiple vulnerabilies which
might lead to remote code execution

Description :

According to its version number, the remote Samba server is affected
by several flaws :

- A denial of service issue occuring if an authenticated attacker sends
a large number of CIFS session requests which will cause an infinite loop
to occur in the smbd daemon, thus utilizing CPU resources and denying access
to legitimate users


- A remote format string vulnerability which may be exploited by a possible hacker
with write access to a remote share by sending a malformed request to
the remote service (this issue only affects installations sharing an
AFS file system when the afsacl.so VFS module is loaded)

- A remote buffer overflow vulnerability affecting the NSS lookup capability
of the remote winbindd daemon


Solution :

Upgrade to Samba 3.0.24 or newer

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 22395, 22403, 22410

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security, Inc.

Cables, Connectors

CHECK POINT SBX-166LHGE-3 Firewall Ethernet Switch WORKING
$39.99
CHECK POINT SBX-166LHGE-3 Firewall Ethernet Switch WORKING   pictureCisco ASA 5506-X Security Appliance (ASA5506-K9) - Quantity Available
$365.99
Cisco ASA 5506-X Security Appliance (ASA5506-K9) - Quantity Available pictureSSG-320M Juniper SSG320M Secure Service Gateway with rackmount kit
$175.0
SSG-320M Juniper SSG320M Secure Service Gateway with rackmount kit pictureCisco ASA 5505 v06
$50.0
Cisco ASA 5505 v06 picture


Discussions

No Discussions have been posted on this vulnerability.