Samba 3.x < 3.3.15 / 3.4.12 / 3.5.7 'FD_SET' Memory Corruption

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a memory corruption
vulnerability.

Description :

According to its banner, the version of Samba 3.x running on the
remote host is earlier than 3.3.15 / 3.4.12 / 3.5.7. An error exists
in the range checks on file descriptors in the 'FD_SET' macro that
allows stack corruption. This corruption can cause Samba to crash or
to continually try selecting on an improper descriptor set.

An attacker who is able to get a connection to a file share, either
authenticated or via a guest connection, can leverage this issue to
launch a denial of service attack against the affected smbd service.

Note the possibility of arbitrary code execution exists with this type
of vulnerability but has not been confirmed.

Also note that Nessus has not actually tried to exploit this issue or
otherwise determine if one of the patches has been applied.

See also :

https://bugzilla.samba.org/show_bug.cgi?id=7949
http://www.samba.org/samba/security/CVE-2011-0719.html
http://www.samba.org/samba/history/samba-3.3.15.html
http://www.samba.org/samba/history/samba-3.4.12.html
http://www.samba.org/samba/history/samba-3.5.7.html

Solution :

Either apply one of the patches referenced in the project's advisory
or upgrade to 3.3.15 / 3.4.12 / 3.5.7 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 52503 ()

Bugtraq ID: 46597

CVE ID: CVE-2011-0719