Samba < 3.0.6 Unspecified Remote Memory Leak Information Disclosure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote host is running a service that contains multiple memory
leaks.

Description :

According to its banner, the version of Samba running on the remote
host is earlier than 3.0.6. Such versions contain multiple memory
leaks that can allow remote, unauthorized information disclosure and a
remote denial of service attack.

Note that Nessus has not actually tried to exploit this issue or
determine if the issue has been fixed by a backported patch.

See also :

http://xforce.iss.net/xforce/xfdb/17139
http://www.samba.org/samba/history/samba-3.0.6.html

Solution :

Upgrade to Samba 3.0.6 or higher.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

Family: Misc.

Nessus Plugin ID: 17721

Bugtraq ID:

CVE ID: CVE-2004-2546