Samba Multiple Remote Vulnerabilities

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to several flaws.

Description :

The remote Samba server, according to its version number, is affected
by a remote denial of service vulnerability as well as a buffer
overflow.

The Wild Card DoS vulnerability may allow an attacker to make the
remote server consume excessive CPU cycles.

The QFILEPATHINFO remote buffer overflow vulnerability may allow an
attacker to execute code on the server.

An attacker needs a valid account or sufficient credentials to exploit
these flaws.

See also :

http://www.samba.org/samba/security/CVE-2004-0882.html
http://www.samba.org/samba/security/CVE-2004-0930.html

Solution :

Upgrade to Samba 3.0.8 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 15705

Bugtraq ID: 11624, 11678

CVE ID: CVE-2004-0882, CVE-2004-0930
