This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Various bugs were found in NDR parsing, used to decode MS-RPC requests
in Samba. A remote attacker could have sent carefully crafted requests
causing a heap overflow, which may have led to the ability to execute
arbitrary code on the server. (CVE-2007-2446)
Unescaped user input parameters were being passed as arguments to
/bin/sh. A remote, authenticated, user could have triggered this flaw
and executed arbitrary code on the server. Additionally on Scientific
Linux 5 this flaw could be triggered by a remote unauthenticated user
if Samba was configured to use the non-default 'username map script'
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true