Samba < 3.0.24 Multiple Flaws

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.

Synopsis :

The remote Samba server is affected by several vulnerabilities that
could lead to remote code execution

Description :

According to its version number, the remote Samba server is affected
by several flaws :

- A denial of service issue occurring if an authenticated
attacker sends a large number of CIFS session requests,
which causes an infinite loop in the smbd daemon,
consuming CPU resources and denying access
to legitimate users

- A remote format string vulnerability that could be
exploited by an attacker with write access to a remote
share by sending a malformed request to the remote
service (this issue only affects installations sharing
an AFS file system when the VFS module is

- A remote buffer overflow vulnerability affecting the NSS
lookup capability of the remote winbindd daemon

Solution :

Upgrade to Samba 3.0.24 or newer

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 24685

Bugtraq ID: 22395

CVE ID: CVE-2007-0452