Samba < 3.0.7 Multiple Remote DoS

This script is Copyright (C) 2004-2012 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to a denial of service.

Description :

The remote Samba server, according to its version number, is
vulnerable to a denial of service.

A bug in the remote smbd's ASN.1 parsing could allow an attacker to
cause a denial of service against the remote host. A specially crafted
ASN.1 packet sent during the authentication request could make the
newly spawned smbd process enter an infinite loop. By establishing
multiple connections and sending such packets, an attacker could
consume all the CPU and memory of the remote host, thus crashing it
remotely.

Another bug could allow an attacker to crash the remote nmbd process
by sending a malformed NetBIOS packet.

Solution :

Upgrade to Samba 3.0.7.
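
The check described above relies only on the reported version number, so the same comparison can be run over an inventory of collected banners. The following is an added example, not the plugin's own code: the function names and sample banners are constructed, and the pre-release suffixes (`pre`, `rc`, `alpha`, `beta`) are an assumption about how builds cut before 3.0.7 final are labelled. A hit still needs confirming against the vendor changelog, since a distribution package can carry the fix under an older version number.

```python
import re

FIXED = (3, 0, 7)  # fixed release named in the Solution section

# First x.y.z in the banner, plus any suffix glued onto it (e.g. "pre1", "-Debian").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([A-Za-z0-9.+~_-]*)")
# Assumed labels for builds cut before the final release of the same number.
_PRERELEASE_RE = re.compile(r"^(pre|rc|alpha|beta)\d*", re.IGNORECASE)


def parse_samba_version(banner):
    """Return ((major, minor, patch), suffix), or None if no version is present."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4)


def is_flagged(banner):
    """True if the version predates 3.0.7, False if not, None if unparseable."""
    parsed = parse_samba_version(banner)
    if parsed is None:
        return None
    numbers, suffix = parsed
    if numbers != FIXED:
        # Tuple comparison is numeric, so 3.0.10 sorts after 3.0.7.
        return numbers < FIXED
    # Same numbers as the fix: only a pre-release build is still older.
    return bool(_PRERELEASE_RE.match(suffix))


# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "Samba 3.0.6",
    "Samba 3.0.7",
    "Samba 3.0.10",
    "Samba 3.0.7pre1",
    "Samba 3.0.6-Debian",
    "Windows Server",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner!r:24} flagged={is_flagged(banner)}")
```
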

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 14711

Bugtraq ID: 11156

CVE ID: CVE-2004-0807, CVE-2004-0808