How to Buy
This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote service might be affected by a local privilege escalation
According to its banner, the version of Samba running on the remote
host is in the 2.x or 3.x branch. Such versions are shipped with a
utility called 'smbmnt'. When smbmnt has the setuid 'root' bit set, a
local user with access to the victim can mount a Samba share and then
execute a setuid or setgid 'root' binary located on the share to gain
unauthorized access to root privileges.
Note that Nessus has not tried to exploit the issue, but rather only
checked the version of Samba running on the remote host. As a result,
it will not detect if the remote host has implemented a workaround.
See also :
Upgrade Samba to version 3.0.2a or higher. As a workaround, remove the
setuid bit from 'smbmnt'.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true
Nessus Plugin ID: 17723 ()
Bugtraq ID: 9619
CVE ID: CVE-2004-0186
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.