Samba NETBIOS Name Traversal Arbitrary Remote File Creation

This script is Copyright (C) 2001-2011 Tenable Network Security, Inc.


Synopsis :

Arbitrary files may be overwritten on the remote server.

Description :

The remote Samba server, according to its version number, allows
creation of arbitrary remote files.

This vulnerability allows an attacker to overwrite arbitrary files by
supplying an arbitrarily formed NetBIOS machine name to this server,
and potentially to become root on the remote server.

An attacker does not need any privileges to exploit this flaw.

Solution :

Upgrade to Samba 2.0.10 or 2.2.0a

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 10786

Bugtraq ID: 2928

CVE ID: CVE-2001-1162