This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Samba server is affected by a memory corruption
According to its banner, the version of Samba 3.x running on the
remote host is earlier than 3.3.15 / 3.4.12 / 3.5.7. An error exists
in the range checks on file descriptors in the 'FD_SET' macro that
allows stack corruption. This corruption can cause Samba to crash or
to continually try selecting on an improper descriptor set.
An attacker who is able to get a connection to a file share, either
authenticated or via a guest connection, can leverage this issue to
launch a denial of service attack against the affected smbd service.
Note the possibility of arbitrary code execution exists with this type
of vulnerability but has not been confirmed.
Also note that Nessus has not actually tried to exploit this issue or
otherwise determine if one of the patches has been applied.
See also :
Either apply one of the patches referenced in the project's advisory
or upgrade to 3.3.15 / 3.4.12 / 3.5.7 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Nessus Plugin ID: 52503 ()
Bugtraq ID: 46597
CVE ID: CVE-2011-0719
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.