Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Misc. >> Samba < 3.0.24 Multiple Flaws


Vulnerability Assessment Details

Samba < 3.0.24 Multiple Flaws

Vulnerability Assessment Summary
Checks the version of Samba

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Samba server is vulnerable to multiple vulnerabilies which
might lead to remote code execution

Description :

According to its version number, the remote Samba server is affected
by several flaws :

- A denial of service issue occuring if an authenticated attacker sends
a large number of CIFS session requests which will cause an infinite loop
to occur in the smbd daemon, thus utilizing CPU resources and denying access
to legitimate users


- A remote format string vulnerability which may be exploited by a possible hacker
with write access to a remote share by sending a malformed request to
the remote service (this issue only affects installations sharing an
AFS file system when the afsacl.so VFS module is loaded)

- A remote buffer overflow vulnerability affecting the NSS lookup capability
of the remote winbindd daemon


Solution :

Upgrade to Samba 3.0.24 or newer

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 22395, 22403, 22410

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security, Inc.

Cables, Connectors

Yealink Verizon VoIP Phone SIP-T46S Lightly Used Multiple Available
$79.95
Yealink Verizon VoIP Phone SIP-T46S Lightly Used Multiple Available pictureGrandstream GXP1625 Small to Medium Business HD IP Phone with POE VoIP, Black
$38.99
Grandstream GXP1625 Small to Medium Business HD IP Phone with POE VoIP, Black pictureGrandstream GS-GXP2135 Enterprise IpPhone Gigabit Speed 8 Lines VoIP Phone-Black
$72.99
Grandstream GS-GXP2135 Enterprise IpPhone Gigabit Speed 8 Lines VoIP Phone-Black pictureSolarwinds VoIP and Network Quality Manager License, Perpetual/Full Feature
$299.0
Solarwinds VoIP and Network Quality Manager License, Perpetual/Full Feature picture


Discussions

No Discussions have been posted on this vulnerability.