Samba < 3.4.8 / 3.5.2 Session Setup AndX DoS

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote service is vulnerable to denial of service attacks.

Description :

According to its banner, the version of Samba installed on the remote
host is a version of 3.4 before 3.4.8 or 3.5 < 3.5.2. Such versions
are affected by two denial of service vulnerabilities that can be
triggered via either a NULL pointer dereference or an uninitialized
variable read.

By sending specially crafted 'Session Setup AndX' requests, an
unauthenticated, remote attacker can exploit these vulnerabilities to
crash the affected service, thereby denying service to legitimate

See also :

Solution :

Upgrade to Samba 3.4.8 / 3.5.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 46351 ()

Bugtraq ID: 40097

CVE ID: CVE-2010-1635

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial