|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Misc. >> Samba < 3.0.24 Multiple Flaws Vulnerability Assessment Details
|
Samba < 3.0.24 Multiple Flaws |
||
|
Checks the version of Samba Detailed Explanation for this Vulnerability Assessment Summary : The remote Samba server is vulnerable to multiple vulnerabilies which might lead to remote code execution Description : According to its version number, the remote Samba server is affected by several flaws : - A denial of service issue occuring if an authenticated attacker sends a large number of CIFS session requests which will cause an infinite loop to occur in the smbd daemon, thus utilizing CPU resources and denying access to legitimate users - A remote format string vulnerability which may be exploited by a possible hacker with write access to a remote share by sending a malformed request to the remote service (this issue only affects installations sharing an AFS file system when the afsacl.so VFS module is loaded) - A remote buffer overflow vulnerability affecting the NSS lookup capability of the remote winbindd daemon Solution : Upgrade to Samba 3.0.24 or newer Network Security Threat Level: High / CVSS Base Score : 7.0 (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Networks Security ID: 22395, 22403, 22410 Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security, Inc. |
||
|
Networking, Telecom Tools |
|
||
|
No Discussions have been posted on this vulnerability. |