Synopsis :

The remote service is vulnerable to denial of service attacks.

Description :

According to its banner, the version of Samba installed on the
remote host is a version of 3.4 before 3.4.8 or 3.5 < 3.5.2. Such
versions are affected by two denial of service vulnerabilities that
can be triggered via either a null pointer dereference or an
uninitialized variable read.

By sending specially crafted 'Session Setup AndX' requests, an
unauthenticated, remote attacker can exploit these vulnerabilities to
crash the affected service, thereby denying service to legitimate
users.

See also :

http://www.nessus.org/u?66795feb
https://bugzilla.samba.org/show_bug.cgi?id=7229
https://bugzilla.samba.org/show_bug.cgi?id=7254
http://samba.org/samba/history/samba-3.4.8.html
http://samba.org/samba/history/samba-3.5.2.html

Solution :

Upgrade to Samba 3.4.8 / 3.5.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true